Computer freezes momentarily, but often on & offline


#1
oldrailroadgeek

System is XP, Service Pack 3, with Malwarebytes Premium Antimalware installed and ZoneAlarm Antivirus. Ran OTL last night and logs attached. This morning Mbam reported a PUP detected during the 1 AM scan; clicked button to repair and system rebooted to complete repair. During reboot system reported an error and ran "ckdsk", then system reported repair successful and system rebooted. Screen continues to freeze momentarily both off & on line. When screen freezes, media player also stops, then restarts when freeze stops. I reran OTL this morning and there are several lines missing from the second run that were in the first run. I am including this second run log also.

OTL logfile created on: 4/20/2014 6:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.37 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 25.97% Memory free
5.22 Gb Paging File | 3.91 Gb Available in Paging File | 74.93% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 115.27 Gb Free Space | 82.90% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/20 11:38:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\My Documents\Downloads\OTL.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/18 11:02:32 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/10 01:01:04 | 000,455,744 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/08/27 17:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/04/03 14:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 14:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 14:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2010/03/11 12:02:06 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/11 12:00:50 | 002,000,400 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/09 14:23:22 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/03/18 11:02:32 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 12:07:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/13 12:06:51 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
MOD - [2014/02/13 12:03:47 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 11:34:49 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 11:33:15 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 11:32:59 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/13 11:30:36 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 11:21:01 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/10/17 05:33:48 | 000,065,936 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
MOD - [2013/09/22 03:08:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 03:29:00 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2013/08/16 03:24:04 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2013/08/16 03:23:56 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2013/08/16 03:23:51 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2013/08/16 03:23:22 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2013/08/16 03:23:00 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2013/08/16 03:22:53 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
MOD - [2013/08/16 03:22:41 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2013/08/16 03:22:24 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2013/08/16 03:22:10 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2013/08/16 03:21:55 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2013/08/16 03:21:41 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/05/15 06:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/08/18 11:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2014/04/19 11:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/18 11:02:32 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/20 16:20:48 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Stop_Pending] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/10 23:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/17 02:02:10 | 000,144,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stop_Pending] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013/07/17 02:02:08 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/11/15 21:06:08 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/01/17 17:21:53 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/01/17 17:20:05 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/12 17:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/29 13:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 13:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 21:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/10 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/01/19 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Extensions
[2014/04/10 16:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions
[2014/04/10 16:32:34 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\[email protected]
[2013/03/21 03:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2014/04/10 16:19:49 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\searchplugins\zonealarm.xml
[2014/03/18 11:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/03/18 11:02:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/03/18 11:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/18 11:02:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/03/13 20:19:05 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe -update plugin File not found
O4 - Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1365637437500 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDECE2E-1A23-498B-A6C9-C37C6CEEDAD4}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/16 23:18:35 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/04/16 23:18:35 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/04/16 23:18:26 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/04/16 23:18:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/04/16 23:18:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/04/16 23:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/04/13 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
[2014/04/13 23:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tune-Up
[2014/04/13 23:17:35 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/13 23:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/13 23:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/10 16:27:08 | 000,035,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klim5.sys
[2014/04/10 16:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2014/04/10 16:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2014/04/10 16:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\Check Point Software Technologies LTD
[2014/04/10 15:37:31 | 000,000,000 | ---D | C] -- C:\12bdf20f60ec5535a09cbe
[2014/04/09 14:18:36 | 000,000,000 | ---D | C] -- C:\f44a78990ffdc5e00561dc6ca7
[2014/03/26 19:23:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/26 19:23:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/20 19:03:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/20 18:26:20 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2014/04/20 16:20:48 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/20 15:41:23 | 000,029,280 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2014/04/19 11:51:38 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-20-2014.wps
[2014/04/19 11:36:44 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/04/19 11:36:43 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/04/18 19:38:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-04.xlr
[2014/04/17 19:28:08 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:15:47 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Church Mutual.xlr
[2014/04/17 19:11:27 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/17 16:03:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address-Church Mutual.wps
[2014/04/17 11:02:43 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-03.xlr
[2014/04/16 22:08:42 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/16 22:08:42 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/16 22:04:17 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/16 22:04:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/16 22:03:59 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/04/14 19:47:42 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/04/13 23:38:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/13 23:17:08 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/12 17:42:24 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-13-2014.wps
[2014/04/12 01:06:34 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2014/04/10 16:27:52 | 000,418,108 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/04/10 16:25:54 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2014/04/09 20:46:37 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 3-2014.xlr
[2014/04/09 15:35:45 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/09 10:01:25 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:24:33 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 11:25:32 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCO.xlr
[2014/04/07 13:10:22 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2014/04/04 13:45:54 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[2014/04/04 13:40:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address.wps
[2014/04/04 10:08:29 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-6-2014.wps
[2014/04/03 20:01:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/31 19:35:51 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Shrils Flowers.wps
[2014/03/31 19:32:39 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Shirl's Flowers.xlr
[2014/03/31 15:55:41 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Town of Iaeger.wps
[2014/03/31 15:25:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Town of Iaeger.xlr
[2014/03/31 15:01:19 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
[2014/03/29 10:10:11 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 3-31-14.xlr
[2014/03/27 13:50:16 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Southland.wps
[2014/03/27 13:45:31 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-County PSD.wps
[2014/03/27 13:44:51 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree envelope 2014.wps
[2014/03/26 16:13:41 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Supplies 3-26-14.xlr
[2014/03/26 15:47:35 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Iaeger Library 3-20-14.xlr
[2014/03/26 14:39:03 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Computer specs New 1-17-14.xlr
[2014/03/26 14:21:22 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Preacher.wps
[2014/03/26 14:18:33 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Template.xlr
[2014/03/26 13:35:53 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\iumc charitable giftsb 2013.xlr
[2014/03/25 19:27:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 1-2013.xlr
[2014/03/25 19:26:19 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 2-2013.xlr
[2014/03/25 19:24:03 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 3-2013.xlr
[2014/03/25 19:20:37 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 4-2013.xlr
[2014/03/25 19:18:51 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 5-2013.xlr
[2014/03/25 19:14:37 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 6-2013.xlr
[2014/03/25 19:13:16 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 7-2013.xlr
[2014/03/25 19:11:10 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 8-2013.xlr
[2014/03/25 19:08:36 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 9-2013.xlr
[2014/03/25 19:05:29 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 10-2013.xlr
[2014/03/25 19:02:36 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 12-2013.xlr
[2014/03/25 19:01:31 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 11-2013.xlr
[2014/03/25 16:33:33 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 1-31-14.xlr
[2014/03/25 14:26:30 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC-INCOME-EXP-2013.xlr
[2014/03/22 11:19:40 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 3-23-2014.wps
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 11:26:03 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-20-2014.wps
[2014/04/17 19:28:07 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:15:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Church Mutual.xlr
[2014/04/17 19:11:26 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/17 16:03:51 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address-Church Mutual.wps
[2014/04/17 11:32:29 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-04.xlr
[2014/04/17 11:02:43 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-03.xlr
[2014/04/13 23:38:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/12 17:42:24 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-13-2014.wps
[2014/04/10 16:27:26 | 000,418,108 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/04/10 16:25:54 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2014/04/09 14:25:12 | 000,102,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/08 11:25:31 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCO.xlr
[2014/04/04 13:45:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[2014/04/04 13:40:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address.wps
[2014/04/04 10:08:28 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-6-2014.wps
[2014/03/31 19:32:39 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Shirl's Flowers.xlr
[2014/03/31 15:25:12 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Town of Iaeger.xlr
[2014/03/31 15:01:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
[2014/03/28 19:35:03 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/28 19:35:02 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/27 13:44:51 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree envelope 2014.wps
[2014/03/26 16:13:41 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Supplies 3-26-14.xlr
[2014/03/26 13:35:52 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\iumc charitable giftsb 2013.xlr
[2014/03/22 11:19:40 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 3-23-2014.wps
[2013/10/29 23:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 23:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 23:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/09/07 19:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 03:24:20 | 000,855,566 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 03:24:13 | 000,199,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 19:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 12:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 12:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 01:38:54 | 000,177,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 15:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 09:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 12:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 15:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 18:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/04/24 19:16:15 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/31 11:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/17 17:07:06 | 000,029,280 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2005/01/09 21:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/24 20:53:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:SummaryInformation

< End of report >

OTL Extras logfile created on: 4/20/2014 6:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.37 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 25.97% Memory free
5.22 Gb Paging File | 3.91 Gb Available in Paging File | 74.93% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 115.27 Gb Free Space | 82.90% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Reconnect To Technician] -- cmd.exe /c start iexplore.exe logmein123.com (Microsoft Corporation)
Directory [Start Team Viewer] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:FreeFileViewerUpdateChecker -- (Bitberry Software)
"C:\Program Files\File Type Assistant\tsassist.exe" = C:\Program Files\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series" = Canon MG2200 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55938E68-F7B3-42B1-9317-60D44067869C}" = ZoneAlarm Antivirus
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C511D4D-FBD5-4748-822C-4E51BC0CC87E}" = ZoneAlarm DataLock
"{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1" = Free Opener
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 8.3.14
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Canon MG2200 series On-screen Manual" = Canon MG2200 series On-screen Manual
"Canon MG2200 series User Registration" = Canon MG2200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Card Games for Windows" = Card Games for Windows
"FileHippo.com" = FileHippo.com Update Checker
"FreeFileViewer_is1" = Free File Viewer 2012
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Tune-Up" = PC Tune-Up
"Trusted Software Assistant_is1" = File Type Assistant
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/1/2014 10:14:06 PM | Computer Name = YOUR-0C81E70C58 | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage
 
Error - 2/13/2014 11:48:29 AM | Computer Name = YOUR-0C81E70C58 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 3/12/2014 12:18:35 PM | Computer Name = YOUR-0C81E70C58 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 27.0.1.5156, faulting
 module mozalloc.dll, version 27.0.1.5156, fault address 0x0000119c.
 
Error - 3/12/2014 12:18:47 PM | Computer Name = YOUR-0C81E70C58 | Source = Application Error | ID = 1001
Description = Fault bucket 68557324.
 
Error - 3/14/2014 11:14:49 AM | Computer Name = YOUR-0C81E70C58 | Source = Microsoft Works 8 | ID = 1000
Description =
 
Error - 3/14/2014 11:14:58 AM | Computer Name = YOUR-0C81E70C58 | Source = Microsoft Works 8 | ID = 1001
Description =
 
Error - 3/20/2014 2:34:26 PM | Computer Name = YOUR-0C81E70C58 | Source = Microsoft Works 8 | ID = 1000
Description =
 
Error - 3/20/2014 2:34:36 PM | Computer Name = YOUR-0C81E70C58 | Source = Microsoft Works 8 | ID = 1001
Description =
 
Error - 4/9/2014 3:44:45 PM | Computer Name = YOUR-0C81E70C58 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 4/10/2014 4:26:56 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
[ System Events ]
Error - 4/10/2014 12:03:22 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.  
It has done this 4162 time(s).
 
Error - 4/10/2014 1:03:19 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.  
It has done this 4350 time(s).
 
Error - 4/10/2014 2:03:23 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.  
It has done this 4533 time(s).
 
Error - 4/10/2014 3:03:10 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.  
It has done this 4736 time(s).
 
Error - 4/10/2014 4:03:01 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.  
It has done this 48 time(s).
 
Error - 4/15/2014 7:15:21 AM | Computer Name = YOUR-0C81E70C58 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 4/15/2014 5:40:23 PM | Computer Name = YOUR-0C81E70C58 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 4/15/2014 5:40:23 PM | Computer Name = YOUR-0C81E70C58 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 4/16/2014 10:06:00 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
Error - 4/17/2014 4:22:47 AM | Computer Name = YOUR-0C81E70C58 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
 
< End of report >

OTL logfile created on: 4/21/2014 3:14:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.37 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 33.79% Memory free
5.22 Gb Paging File | 4.36 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 115.30 Gb Free Space | 82.93% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/20 11:38:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\My Documents\Downloads\OTL.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/10 01:01:04 | 000,455,744 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/10/25 23:07:48 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2013/08/27 17:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/04/03 14:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 14:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 14:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/04/19 16:39:30 | 000,935,744 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2010/03/11 12:02:06 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/11 12:00:50 | 002,000,400 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/09 14:23:22 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 12:07:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/13 12:06:51 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f254328a10638e87223d401b39197c91\System.Configuration.Install.ni.dll
MOD - [2014/02/13 12:03:47 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 11:34:49 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 11:33:15 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 11:32:59 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/13 11:30:36 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 11:21:01 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/10/17 05:33:48 | 000,065,936 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll
MOD - [2013/09/22 03:08:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 03:29:00 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2013/08/16 03:24:04 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2013/08/16 03:23:56 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2013/08/16 03:23:51 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2013/08/16 03:23:22 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2013/08/16 03:23:00 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2013/08/16 03:22:53 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
MOD - [2013/08/16 03:22:41 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2013/08/16 03:22:24 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2013/08/16 03:22:10 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2013/08/16 03:21:55 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2013/08/16 03:21:41 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/08/18 11:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2011/04/19 16:40:06 | 000,088,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2011/04/19 16:39:32 | 000,290,112 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2011/04/19 16:39:24 | 000,222,016 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2014/04/19 11:36:45 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/18 11:02:32 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 23:45:12 | 002,445,816 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013/10/15 05:38:52 | 000,050,704 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2013/08/27 17:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lcmjpwf.sys -- (ifxqgb)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/21 11:22:29 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Stop_Pending] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/25 23:07:48 | 000,529,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/10 23:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/17 02:02:10 | 000,144,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stop_Pending] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013/07/17 02:02:08 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/11/15 21:06:08 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/01/17 17:21:53 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/01/17 17:20:05 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/12 17:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/29 13:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 13:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 21:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/10 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/01/19 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Extensions
[2014/04/10 16:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions
[2014/04/10 16:32:34 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\[email protected]
[2013/03/21 03:15:42 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2014/04/10 16:19:49 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\searchplugins\zonealarm.xml
[2014/03/18 11:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/03/18 11:02:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/03/18 11:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/18 11:02:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/03/13 20:19:05 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1365637437500 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDECE2E-1A23-498B-A6C9-C37C6CEEDAD4}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/21 08:27:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/16 23:18:35 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/04/16 23:18:35 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/04/16 23:18:26 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/04/16 23:18:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/04/16 23:18:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/04/16 23:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/04/13 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
[2014/04/13 23:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tune-Up
[2014/04/13 23:17:35 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/13 23:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/13 23:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/10 16:27:08 | 000,035,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klim5.sys
[2014/04/10 16:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2014/04/10 16:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Check Point Software Technologies LTD
[2014/04/10 16:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\Check Point Software Technologies LTD
[2014/04/10 15:37:31 | 000,000,000 | ---D | C] -- C:\12bdf20f60ec5535a09cbe
[2014/04/09 14:18:36 | 000,000,000 | ---D | C] -- C:\f44a78990ffdc5e00561dc6ca7
[2014/03/26 19:23:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/26 19:23:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/21 15:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/21 11:22:29 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/21 08:33:23 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/21 08:33:23 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/21 08:29:04 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/21 08:28:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/21 08:28:49 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/20 18:26:20 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2014/04/20 15:41:23 | 000,029,280 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2014/04/19 11:51:38 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-20-2014.wps
[2014/04/19 11:36:44 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/04/19 11:36:43 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/04/18 19:38:13 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-04.xlr
[2014/04/17 19:28:08 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:15:47 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Church Mutual.xlr
[2014/04/17 19:11:27 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/17 16:03:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address-Church Mutual.wps
[2014/04/17 11:02:43 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-03.xlr
[2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/04/14 19:47:42 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/04/13 23:38:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/13 23:17:08 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/12 17:42:24 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-13-2014.wps
[2014/04/12 01:06:34 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2014/04/10 16:27:52 | 000,418,108 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/04/10 16:25:54 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2014/04/09 20:46:37 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 3-2014.xlr
[2014/04/09 15:35:45 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/09 10:01:25 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:24:33 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 11:25:32 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCO.xlr
[2014/04/07 13:10:22 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2014/04/04 13:45:54 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[2014/04/04 13:40:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address.wps
[2014/04/04 10:08:29 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-6-2014.wps
[2014/04/03 20:01:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/31 19:35:51 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Shrils Flowers.wps
[2014/03/31 19:32:39 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Shirl's Flowers.xlr
[2014/03/31 15:55:41 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Town of Iaeger.wps
[2014/03/31 15:25:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Town of Iaeger.xlr
[2014/03/31 15:01:19 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
[2014/03/29 10:10:11 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 3-31-14.xlr
[2014/03/27 13:50:16 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Southland.wps
[2014/03/27 13:45:31 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-County PSD.wps
[2014/03/27 13:44:51 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree envelope 2014.wps
[2014/03/26 16:13:41 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Supplies 3-26-14.xlr
[2014/03/26 15:47:35 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Iaeger Library 3-20-14.xlr
[2014/03/26 14:39:03 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Computer specs New 1-17-14.xlr
[2014/03/26 14:21:22 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Preacher.wps
[2014/03/26 14:18:33 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Template.xlr
[2014/03/26 13:35:53 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\iumc charitable giftsb 2013.xlr
[2014/03/25 19:27:25 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 1-2013.xlr
[2014/03/25 19:26:19 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 2-2013.xlr
[2014/03/25 19:24:03 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 3-2013.xlr
[2014/03/25 19:20:37 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 4-2013.xlr
[2014/03/25 19:18:51 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 5-2013.xlr
[2014/03/25 19:14:37 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 6-2013.xlr
[2014/03/25 19:13:16 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 7-2013.xlr
[2014/03/25 19:11:10 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 8-2013.xlr
[2014/03/25 19:08:36 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 9-2013.xlr
[2014/03/25 19:05:29 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 10-2013.xlr
[2014/03/25 19:02:36 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 12-2013.xlr
[2014/03/25 19:01:31 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC ck bk bal 11-2013.xlr
[2014/03/25 16:33:33 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Finance Statment 1-31-14.xlr
[2014/03/25 14:26:30 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC-INCOME-EXP-2013.xlr
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 11:26:03 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-20-2014.wps
[2014/04/17 19:28:07 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:15:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Church Mutual.xlr
[2014/04/17 19:11:26 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/17 16:03:51 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address-Church Mutual.wps
[2014/04/17 11:32:29 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-04.xlr
[2014/04/17 11:02:43 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\MOB Check 2014-03.xlr
[2014/04/13 23:38:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/12 17:42:24 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-13-2014.wps
[2014/04/10 16:27:26 | 000,418,108 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/04/10 16:25:54 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2014/04/09 14:25:12 | 000,102,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/08 11:25:31 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCO.xlr
[2014/04/04 13:45:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[2014/04/04 13:40:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Change of address.wps
[2014/04/04 10:08:28 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Bulletin 4-6-2014.wps
[2014/03/31 19:32:39 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Shirl's Flowers.xlr
[2014/03/31 15:25:12 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Town of Iaeger.xlr
[2014/03/31 15:01:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
[2014/03/28 19:35:03 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/28 19:35:02 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/27 13:44:51 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree envelope 2014.wps
[2014/03/26 16:13:41 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Supplies 3-26-14.xlr
[2014/03/26 13:35:52 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\iumc charitable giftsb 2013.xlr
[2013/10/29 23:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 23:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 23:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/09/07 19:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 03:24:20 | 000,855,566 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 03:24:13 | 000,199,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 19:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 12:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 12:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 01:38:54 | 000,177,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 15:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 09:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 12:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 15:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 18:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/04/24 19:16:15 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/01/31 11:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/17 17:07:06 | 000,029,280 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2005/01/09 21:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/24 20:53:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:SummaryInformation

< End of report >

Oldrailroadgeek


  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Doesn't look like malware.  Some hard drive errors and a lot of Zone Alarm (ZA) problems.  

 

Error - 4/10/2014 1:03:19 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.  

It has done this 4350 time(s)

 


 

Since you have done the disk check already I would try to uninstall ZA and perhaps switch over to a different anti-virus like the free Avast.

 
 

I do see some signs that Kaspersky is still trying to run even though it is not in your list of programs in the Extras log.

 

DRV - [2013/10/08 05:48:30 | 000,482,912 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/07/17 02:02:10 | 000,144,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stop_Pending] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013/07/17 02:02:08 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2012/11/15 21:06:08 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)

 

 

Two anti-virus programs running at the same time will fight each other.  I would run their removal tools per the instructions here:  http://support.kaspe.../service#block1

 

 

We can check for some other common problems:

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
 
 
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.
 
Ron

  • 1

#3
oldrailroadgeek


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

RKinner,


  • 0

#4
oldrailroadgeek


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

RKinner,

Have printed your instructions, will post resulting logs in the PM.  Spring requires outdoor work in AM to beat the rain.

Thanks for speedy response to problem.  This PC will retire from on-line use as soon as I feel it is working properly so I can carefully transfer files and documents to the new unit {with Win 8.1 and already tested on-line} which will be used for online work.

Oldrailroadgeek-Sid


  • 0

#5
oldrailroadgeek


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

RKinner,

     I am unable to download Kasper-link, all I get is "Problem loading page" with the warning [The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.]
  What procedure can I use to get around this problem?

The printed version of your instructions shows the link as: http://support.kaspe...n/service#block1)  Should I try typing the address myself?

Sid


  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

The forum likes to shorten urls so that they only work when you click on them.  The actual path is:

http://support.kaspersky.com/us/common/service#block1

I just checked it and it works in Chrome OK but seems slow in Firefox.  You can leave off  the "#block1." 

http://support.kaspersky.com/us/common/service

That just opens the section under "How to use the Utility" (so you will have to click on the + after "How to use the Utility" to open it and read the text).  Both URLs are for the instructions.  The actual download link (on that page) is:  

http://media.kaspersky.com/utilities/consumerutilities/kavremover.exe

  The download is called kavremover.exe


  • 1

#7
oldrailroadgeek


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts

RKinner

Attached are the Process Explorer log, the Speccy log, & the Event Viewer log.  The Kasper remover found no Kasper products to remove, all the Kasper items in your Quote were removed with the uninstall of Zone Alarm.  Avast is now installed.  If you feel that this computer is in fairly good shape, I will cease using it and go to my new unit.  My 95 yr old Mother will take over this machine off-line for her card games and her Bible reading as this 21" screen is easier for her to see than her current 18" monitor.

Thanks for your assistance!

Sid

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
agrsmsvc.exe        404 K    1,388 K    1900    Agere Soft Modem Call Progress Service    Agere Systems    
alg.exe        1,192 K    3,644 K    2244    Application Layer Gateway Service    Microsoft Corporation    
CNQMMAIN.EXE        37,764 K    13,912 K    1884    Canon Quick Menu    CANON INC.    
CNQMSWCS.EXE        32,596 K    38,696 K    3704    Canon Quick Menu Image Display    CANON INC.    
CNQMUPDT.EXE        29,432 K    25,892 K    1104    Canon Quick Menu Updater    CANON INC.    
csrss.exe        1,700 K    3,784 K    564    Client Server Runtime Process    Microsoft Corporation    
ctfmon.exe        908 K    3,288 K    1984    CTF Loader    Microsoft Corporation    
daemonu.exe        3,388 K    5,376 K    1480    NVIDIA Settings Update Manager    NVIDIA Corporation    
dllhost.exe        2,288 K    6,364 K    204    COM Surrogate    Microsoft Corporation    
ehmsas.exe        708 K    2,832 K    4092    Media Center Media Status Aggregator Service    Microsoft Corporation    
ehrecvr.exe        2,536 K    4,700 K    184    Media Center Receiver Service    Microsoft Corporation    
ehSched.exe        1,516 K    4,892 K    256    Media Center Scheduler Service    Microsoft Corporation    
ehtray.exe        2,452 K    1,496 K    1836    Media Center Tray Applet    Microsoft Corporation    
explorer.exe        22,736 K    31,824 K    1696    Windows Explorer    Microsoft Corporation    
jqs.exe        2,216 K    1,448 K    452    Java Quick Starter Service    Oracle Corporation    
jusched.exe        832 K    2,968 K    1896    Java™ Update Scheduler    Oracle Corporation    
lsass.exe        3,884 K    6,512 K    644    LSA Shell (Export Version)    Microsoft Corporation    
mbam.exe        19,576 K    29,704 K    1212    Malwarebytes Anti-Malware    Malwarebytes Corporation    
mbamscheduler.exe        4,560 K    8,568 K    532    Malwarebytes Anti-Malware    Malwarebytes Corporation    
mbamservice.exe        151,184 K    146,352 K    1184    Malwarebytes Anti-Malware    Malwarebytes Corporation    
mcrdsvc.exe        856 K    3,136 K    2056    MCRD Device Service    Microsoft Corporation    
msmsgs.exe        3,544 K    6,728 K    1936    Windows Messenger    Microsoft Corporation    
NvTmru.exe        1,780 K    4,004 K    1876    NVIDIA NvTmru Application    NVIDIA Corporation    
RTHDCPL.exe        21,044 K    22,356 K    1848    Realtek HD Audio Control Panel    Realtek Semiconductor Corp.    
smss.exe        172 K    432 K    508    Windows NT Session Manager    Microsoft Corporation    
spoolsv.exe        3,396 K    5,388 K    1336    Spooler SubSystem App    Microsoft Corporation    
svchost.exe        3,152 K    5,232 K    824    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,908 K    4,720 K    872    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        15,768 K    24,856 K    968    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,236 K    3,544 K    1028    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        2,580 K    4,796 K    1144    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,536 K    3,464 K    396    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        1,500 K    3,924 K    1556    Generic Host Process for Win32 Services    Microsoft Corporation    
svchost.exe        2,516 K    4,384 K    1568    Generic Host Process for Win32 Services    Microsoft Corporation    
System        0 K    244 K    4            
winlogon.exe        6,876 K    4,564 K    588    Windows NT Logon Application    Microsoft Corporation    
WinPatrol.exe        1,832 K    5,592 K    1964    WinPatrol Background Change Detector    BillP Studios    
wmiprvse.exe        1,864 K    4,992 K    1764            
WPFFontCache_v0400.exe        1,124 K    4,004 K    1772    wpffontcache_v0400.exe    Microsoft Corporation    
wscntfy.exe        608 K    2,508 K    4052    Windows Security Center Notification App    Microsoft Corporation    
ZABackup Service.exe        3,152 K    7,244 K    1792    ZABackup Service Module    Pro Softnet Corporation    
ZABackupBackground.exe        1,172 K    4,204 K    2304        Pro Softnet Corp.    
procexp.exe    1.56    11,836 K    18,352 K    2268    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
services.exe    1.56    1,820 K    3,616 K    632    Services and Controller app    Microsoft Corporation    
WifiSvc.exe    1.56    2,796 K    4,588 K    1604    Wifi Service        
wmpnetwk.exe    1.56    11,724 K    13,828 K    2528    Windows Media Player Network Sharing Service    Microsoft Corporation    
ZABackupTray.exe    1.56    3,856 K    8,976 K    1256        Pro Softnet Corp.    
Interrupts    3.13    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System Idle Process    89.06    0 K    28 K    0            

 

Summary
        Operating System
            Windows XP Professional 32-bit SP3
        CPU
            AMD Athlon Neo MV-26    46 °C
            Huron 65nm Technology
        RAM
            2.00GB Single-Channel DDR2 @ 267MHz (4-4-4-12)
        Motherboard
            eMachines WMCP61M (Socket AM2 )    43 °C
        Graphics
            E202H (1280x800@60Hz)
            128MB NVIDIA GeForce 6150SE nForce 430 (Acer Incorporated [ALI])
        Storage
            149GB Seagate ST316081 5AS SCSI Disk Device (SATA)    50 °C
        Optical Drives
            HL-DT-ST DVDRAM GH40F SCSI CdRom Device
        Audio
            Realtek High Definition Audio
Operating System
    Windows XP Professional 32-bit SP3
    Computer type: Desktop
    Installation Date: 1/17/2012 6:53:11 PM
    Serial Number: xxx
        Windows Security Center
            Firewall    Enabled
        Windows Update
            AutoUpdate    Download Automatically and Install at Set Scheduled time
            Schedule Frequency    Every Day
            Schedule Time    10:00 AM
        Antivirus
            Antivirus    Enabled
            Company Name    AVAST Software
            Display Name    avast! Antivirus
            Product Version    9.0.2018
            Virus Signature Database    Up to date
        .NET Frameworks installed
            v4.0 Full
            v4.0 Client
            v3.5 SP1
            v3.0 SP2
            v2.0 SP2
            v1.1 SP1
            v1.0 SP3
        Internet Explorer
            Version    8.0.6001.18702
        Java
                Java Runtime Environment
                    Path    C:\Program Files\Java\jre7\bin\java.exe
                    Version    7.0
                    Update    55
                    Build    14
        Environment Variables
            USERPROFILE    C:\Documents and Settings\Sid Bailey
            SystemRoot    C:\WINDOWS
                User Variables
                    TEMP    C:\Documents and Settings\Sid Bailey\Local Settings\Temp
                    TMP    C:\Documents and Settings\Sid Bailey\Local Settings\Temp
                Machine Variables
                    ComSpec    C:\WINDOWS\system32\cmd.exe
                    FP_NO_HOST_CHECK    NO
                    NUMBER_OF_PROCESSORS    1
                    OS    Windows_NT
                    Path    C:\WINDOWS\system32
                    C:\WINDOWS
                    C:\WINDOWS\System32\Wbem
                    PATHEXT    .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
                    PROCESSOR_ARCHITECTURE    x86
                    PROCESSOR_IDENTIFIER    x86 Family 15 Model 127 Stepping 2, AuthenticAMD
                    PROCESSOR_LEVEL    15
                    PROCESSOR_REVISION    7f02
                    TEMP    C:\WINDOWS\TEMP
                    TMP    C:\WINDOWS\TEMP
                    windir    C:\WINDOWS
        Power Profile
            Active power scheme    Presentation
            Hibernation    Enabled
            Turn Off Monitor after: (On AC Power)    120 min
            Turn Off Hard Disk after: (On AC Power)    120 min
            Suspend after: (On AC Power)    120 min
            Screen saver    Enabled
        Uptime
                Current Session
                    Current Time    4/22/2014 9:28:29 PM
                    Current Uptime    1,248 sec (0 d, 00 h, 20 m, 48 s)
                    Last Boot Time    4/22/2014 9:07:41 PM
        Services
            Running    Agere Modem Call Progress Audio
            Running    Application Layer Gateway Service
            Running    Automatic Updates
            Running    avast! Antivirus
            Running    Background Intelligent Transfer Service
            Running    Client Service for NetWare
            Running    COM+ Event System
            Running    COM+ System Application
            Running    Computer Browser
            Running    Cryptographic Services
            Running    DCOM Server Process Launcher
            Running    DHCP Client
            Running    Distributed Link Tracking Client
            Running    DNS Client
            Running    Error Reporting Service
            Running    Event Log
            Running    Help and Support
            Running    HTTP SSL
            Running    IPSEC Services
            Running    Java Quick Starter
            Running    Logical Disk Manager
            Running    MBAMScheduler
            Running    MBAMService
            Running    Media Center Extender Service
            Running    Media Center Receiver Service
            Running    Media Center Scheduler Service
            Running    Network Connections
            Running    Network Location Awareness (NLA)
            Running    NVIDIA Update Service Daemon
            Running    Plug and Play
            Running    Print Spooler
            Running    Protected Storage
            Running    Remote Access Connection Manager
            Running    Remote Procedure Call (RPC)
            Running    Remote Registry
            Running    Secondary Logon
            Running    Security Accounts Manager
            Running    Security Center
            Running    Server
            Running    Shell Hardware Detection
            Running    SSDP Discovery Service
            Running    System Event Notification
            Running    System Restore Service
            Running    Task Scheduler
            Running    TCP/IP NetBIOS Helper
            Running    Telephony
            Running    Terminal Services
            Running    Themes
            Running    Universal Plug and Play Device Host
            Running    Windows Audio
            Running    Windows Firewall/Internet Connection Sharing (ICS)
            Running    Windows Image Acquisition (WIA)
            Running    Windows Management Instrumentation
            Running    Windows Media Player Network Sharing Service
            Running    Windows Presentation Foundation Font Cache 4.0.0.0
            Running    Windows Time
            Running    Wireless Zero Configuration
            Running    Workstation
            Running    WSWNA3100
            Running    ZoneAlarmBackup Service
            Stopped    .NET Runtime Optimization Service v2.0.50727_X86
            Stopped    Adobe Flash Player Update Service
            Stopped    Alerter
            Stopped    Application Management
            Stopped    ArcSoft Connect Daemon
            Stopped    ASP.NET State Service
            Stopped    ClipBook
            Stopped    Distributed Transaction Coordinator
            Stopped    Extensible Authentication Protocol Service
            Stopped    Fast User Switching Compatibility
            Stopped    Health Key and Certificate Management Service
            Stopped    HID Input Service
            Stopped    IMAPI CD-Burning COM Service
            Stopped    Indexing Service
            Stopped    Logical Disk Manager Administrative Service
            Stopped    Messenger
            Stopped    MHN
            Stopped    Microsoft .NET Framework NGEN v4.0.30319_X86
            Stopped    Mozilla Maintenance Service
            Stopped    MS Software Shadow Copy Provider
            Stopped    Net Logon
            Stopped    Net.Tcp Port Sharing Service
            Stopped    NetMeeting Remote Desktop Sharing
            Stopped    Network Access Protection Agent
            Stopped    Network DDE
            Stopped    Network DDE DSDM
            Stopped    Network Provisioning Service
            Stopped    NT LM Security Support Provider
            Stopped    NVIDIA Driver Helper Service
            Stopped    Performance Logs and Alerts
            Stopped    Portable Media Serial Number Service
            Stopped    QoS RSVP
            Stopped    Remote Access Auto Connection Manager
            Stopped    Remote Desktop Help Session Manager
            Stopped    Remote Procedure Call (RPC) Locator
            Stopped    Removable Storage
            Stopped    Routing and Remote Access
            Stopped    Smart Card
            Stopped    Telnet
            Stopped    Uninterruptible Power Supply
            Stopped    Volume Shadow Copy
            Stopped    WebClient
            Stopped    Windows CardSpace
            Stopped    Windows Driver Foundation - User-mode Driver Framework
            Stopped    Windows Installer
            Stopped    Windows Management Instrumentation Driver Extensions
            Stopped    Windows Presentation Foundation Font Cache 3.0.0.0
            Stopped    Wired AutoConfig
            Stopped    WMI Performance Adapter
        TimeZone
            TimeZone    GMT -5:00 Hours
            Language    English (United States)
            Location    United States
            Format    English (United States)
            Currency    $
            Date Format    M/d/yyyy
            Time Format    h:mm:ss tt
        Scheduler
            4/22/2014 10:03 PM;Every 1 hour(s) from 12:03 AM for 24 hour(s) every day, starting 1/1/2000    Adobe Flash Player Updater
            5/8/2014 3:00 PM;At 3:00 PM on day 8 of every month, starting 3/8/2014    Microsoft Windows XP End of Service Notification Monthly
            Run at user logon    Microsoft Windows XP End of Service Notification Logon
        Hotfixes
                4/9/2014  Security Update for Windows XP (KB2922229)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                4/9/2014  Windows Malicious Software Removal Tool - April 2014 (KB890830)
                    After the download, this tool runs one time to check your computer
                    for infection by specific, prevalent malicious software (including
                    Blaster, Sasser, and Mydoom) and helps remove any infection that
                    is found. If an infection is found, the tool will display a status
                    report the next time that you start your computer. A new version
                    of the tool will be offered every month. If you want to manually
                    run the tool on your computer, you can download a copy from the
                    Microsoft Download Center, or you can run an online version from
                    microsoft.com. This tool is not a replacement for an antivirus
                    product. To help protect your computer, you should use an antivirus
                    product.
                4/9/2014  Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2936068)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                3/27/2014  Windows XP End of Support Notification (KB2934207)
                    This update is intended to notify customers of the Windows XP
                    End of Support date, April 8th 2014.
                3/19/2014  Windows Malicious Software Removal Tool - March 2014 (KB890830)
                    After the download, this tool runs one time to check your computer
                    for infection by specific, prevalent malicious software (including
                    Blaster, Sasser, and Mydoom) and helps remove any infection that
                    is found. If an infection is found, the tool will display a status
                    report the next time that you start your computer. A new version
                    of the tool will be offered every month. If you want to manually
                    run the tool on your computer, you can download a copy from the
                    Microsoft Download Center, or you can run an online version from
                    microsoft.com. This tool is not a replacement for an antivirus
                    product. To help protect your computer, you should use an antivirus
                    product.
                3/14/2014  Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2925418)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                3/13/2014  Security Update for Windows XP (KB2929961)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                3/13/2014  Security Update for Windows XP (KB2930275)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                2/19/2014  Windows Malicious Software Removal Tool - February 2014 (KB890830)
                    After the download, this tool runs one time to check your computer
                    for infection by specific, prevalent malicious software (including
                    Blaster, Sasser, and Mydoom) and helps remove any infection that
                    is found. If an infection is found, the tool will display a status
                    report the next time that you start your computer. A new version
                    of the tool will be offered every month. If you want to manually
                    run the tool on your computer, you can download a copy from the
                    Microsoft Download Center, or you can run an online version from
                    microsoft.com. This tool is not a replacement for an antivirus
                    product. To help protect your computer, you should use an antivirus
                    product.
                2/13/2014  Security Update for Windows XP (KB2916036)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                2/13/2014  Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)
                    Install this update to resolve issues in Windows. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article for more information.
                    After you install this item, you may have to restart your computer.
                2/13/2014  Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2901111)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                2/13/2014  Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2909921)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                2/13/2014  Security Update for Microsoft .NET Framework 1.0 SP3 on Windows XP Tablet PC and Media Center (KB2904878)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                2/13/2014  Security Update for Windows XP (KB2909210)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
                2/13/2014  Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2898856)
                    A security issue has been identified in a Microsoft software
                    product that could affect your system. You can help protect your
                    system by installing this update from Microsoft. For a complete
                    listing of the issues that are included in this update, see the
                    associated Microsoft Knowledge Base article. After you install
                    this update, you may have to restart your system.
        System Folders
            Application Data    C:\Documents and Settings\All Users\Application Data
            Cookies    C:\Documents and Settings\Sid Bailey\Cookies
            Desktop    C:\Documents and Settings\Sid Bailey\Desktop
            Documents    C:\Documents and Settings\All Users\Documents
            Fonts    C:\WINDOWS\Fonts
            Global Favorites    C:\Documents and Settings\All Users\Favorites
            Internet History    C:\Documents and Settings\Sid Bailey\Local Settings\History
            Local Application Data    C:\Documents and Settings\Sid Bailey\Local Settings\Application Data
            Music    C:\Documents and Settings\All Users\Documents\My Music
            Path for burning CD    C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\CD Burning
            Physical Desktop    C:\Documents and Settings\Sid Bailey\Desktop
            Pictures    C:\Documents and Settings\All Users\Documents\My Pictures
            Program Files    C:\Program Files
            Public Desktop    C:\Documents and Settings\All Users\Desktop
            Start Menu    C:\Documents and Settings\All Users\Start Menu
            Start Menu Programs    C:\Documents and Settings\All Users\Start Menu\Programs
            Startup    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
            Templates    C:\Documents and Settings\All Users\Templates
            Temporary Internet Files    C:\Documents and Settings\Sid Bailey\Local Settings\Temporary Internet Files
            User Favorites    C:\Documents and Settings\Sid Bailey\Favorites
            Videos    C:\Documents and Settings\All Users\Documents\My Videos
            Windows Directory    C:\WINDOWS
            Windows/System    C:\WINDOWS\system32
        Process List
                agrsmsvc.exe
                    Process ID    2008
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\agrsmsvc.exe
                    Memory Usage    1.36 MB
                    Peak Memory Usage    1.36 MB
                alg.exe
                    Process ID    3264
                    Path    C:\WINDOWS\System32\alg.exe
                    Memory Usage    3.57 MB
                    Peak Memory Usage    3.57 MB
                AvastSvc.exe
                    Process ID    1340
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                    Memory Usage    40 MB
                    Peak Memory Usage    89 MB
                AvastUI.exe
                    Process ID    1452
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\AVAST Software\Avast\AvastUI.exe
                    Memory Usage    17 MB
                    Peak Memory Usage    66 MB
                CNQMMAIN.EXE
                    Process ID    1336
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
                    Memory Usage    14 MB
                    Peak Memory Usage    60 MB
                CNQMSWCS.EXE
                    Process ID    1416
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
                    Memory Usage    52 MB
                    Peak Memory Usage    52 MB
                CNQMUPDT.EXE
                    Process ID    820
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
                    Memory Usage    35 MB
                    Peak Memory Usage    35 MB
                csrss.exe
                    Process ID    600
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    \??\C:\WINDOWS\system32\csrss.exe
                    Memory Usage    4.12 MB
                    Peak Memory Usage    5.86 MB
                ctfmon.exe
                    Process ID    1512
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\WINDOWS\system32\ctfmon.exe
                    Memory Usage    3.23 MB
                    Peak Memory Usage    3.23 MB
                daemonu.exe
                    Process ID    2224
                    Path    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                    Memory Usage    5.22 MB
                    Peak Memory Usage    5.22 MB
                dllhost.exe
                    Process ID    4076
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\dllhost.exe
                    Memory Usage    6.20 MB
                    Peak Memory Usage    6.22 MB
                ehmsas.exe
                    Process ID    2388
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\WINDOWS\eHome\ehmsas.exe
                    Memory Usage    2.77 MB
                    Peak Memory Usage    2.77 MB
                ehrecvr.exe
                    Process ID    228
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\eHome\ehRecvr.exe
                    Memory Usage    4.75 MB
                    Peak Memory Usage    4.75 MB
                ehSched.exe
                    Process ID    288
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\eHome\ehSched.exe
                    Memory Usage    4.79 MB
                    Peak Memory Usage    4.85 MB
                ehtray.exe
                    Process ID    1196
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\WINDOWS\ehome\ehtray.exe
                    Memory Usage    1.48 MB
                    Peak Memory Usage    5.27 MB
                explorer.exe
                    Process ID    1964
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\WINDOWS\Explorer.EXE
                    Memory Usage    30 MB
                    Peak Memory Usage    35 MB
                firefox.exe
                    Process ID    1116
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Mozilla Firefox\firefox.exe
                    Memory Usage    113 MB
                    Peak Memory Usage    117 MB
                jqs.exe
                    Process ID    484
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Java\jre7\bin\jqs.exe
                    Memory Usage    1.67 MB
                    Peak Memory Usage    17 MB
                jusched.exe
                    Process ID    1356
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Common Files\Java\Java Update\jusched.exe
                    Memory Usage    2.91 MB
                    Peak Memory Usage    2.91 MB
                lsass.exe
                    Process ID    680
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\lsass.exe
                    Memory Usage    6.54 MB
                    Peak Memory Usage    6.54 MB
                mbam.exe
                    Process ID    2548
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
                    Memory Usage    32 MB
                    Peak Memory Usage    117 MB
                mbamscheduler.exe
                    Process ID    588
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
                    Memory Usage    8.00 MB
                    Peak Memory Usage    8.00 MB
                mbamservice.exe
                    Process ID    1932
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
                    Memory Usage    142 MB
                    Peak Memory Usage    228 MB
                mcrdsvc.exe
                    Process ID    2612
                    Path    C:\WINDOWS\ehome\mcrdsvc.exe
                    Memory Usage    3.05 MB
                    Peak Memory Usage    3.08 MB
                msmsgs.exe
                    Process ID    1468
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Messenger\msmsgs.exe
                    Memory Usage    4.89 MB
                    Peak Memory Usage    5.84 MB
                NvTmru.exe
                    Process ID    1288
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
                    Memory Usage    6.00 MB
                    Peak Memory Usage    6.02 MB
                RTHDCPL.exe
                    Process ID    1232
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\WINDOWS\RTHDCPL.EXE
                    Memory Usage    22 MB
                    Peak Memory Usage    22 MB
                services.exe
                    Process ID    668
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\services.exe
                    Memory Usage    4.32 MB
                    Peak Memory Usage    4.47 MB
                smss.exe
                    Process ID    544
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    \SystemRoot\System32\smss.exe
                    Memory Usage    432 KB
                    Peak Memory Usage    756 KB
                Speccy.exe
                    Process ID    1108
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\Speccy\Speccy.exe
                    Memory Usage    26 MB
                    Peak Memory Usage    41 MB
                spoolsv.exe
                    Process ID    1568
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\spoolsv.exe
                    Memory Usage    5.26 MB
                    Peak Memory Usage    6.60 MB
                svchost.exe
                    Process ID    852
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\svchost.exe
                    Memory Usage    5.12 MB
                    Peak Memory Usage    5.24 MB
                svchost.exe
                    Process ID    2360
                    Path    C:\WINDOWS\system32\svchost.exe
                    Memory Usage    3.83 MB
                    Peak Memory Usage    3.95 MB
                svchost.exe
                    Process ID    2428
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\svchost.exe
                    Memory Usage    4.28 MB
                    Peak Memory Usage    4.34 MB
                svchost.exe
                    Process ID    452
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\System32\svchost.exe
                    Memory Usage    3.39 MB
                    Peak Memory Usage    3.39 MB
                svchost.exe
                    Process ID    1276
                    Path    C:\WINDOWS\system32\svchost.exe
                    Memory Usage    4.91 MB
                    Peak Memory Usage    4.92 MB
                svchost.exe
                    Process ID    1152
                    Path    C:\WINDOWS\system32\svchost.exe
                    Memory Usage    3.56 MB
                    Peak Memory Usage    3.90 MB
                svchost.exe
                    Process ID    1012
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\System32\svchost.exe
                    Memory Usage    28 MB
                    Peak Memory Usage    28 MB
                svchost.exe
                    Process ID    912
                    Path    C:\WINDOWS\system32\svchost.exe
                    Memory Usage    4.64 MB
                    Peak Memory Usage    4.68 MB
                System
                    Process ID    4
                    Memory Usage    260 KB
                    Peak Memory Usage    12 MB
                System Idle Process
                    Process ID    0
                WifiSvc.exe
                    Process ID    2480
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
                    Memory Usage    4.49 MB
                    Peak Memory Usage    4.49 MB
                winlogon.exe
                    Process ID    624
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    \??\C:\WINDOWS\system32\winlogon.exe
                    Memory Usage    4.47 MB
                    Peak Memory Usage    12 MB
                WinPatrol.exe
                    Process ID    1048
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
                    Memory Usage    8.47 MB
                    Peak Memory Usage    8.49 MB
                wmiprvse.exe
                    Process ID    2088
                    Path    C:\WINDOWS\system32\wbem\wmiprvse.exe
                    Memory Usage    11 MB
                    Peak Memory Usage    11 MB
                wmiprvse.exe
                    Process ID    1456
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\wbem\wmiprvse.exe
                    Memory Usage    5.00 MB
                    Peak Memory Usage    5.01 MB
                wmpnetwk.exe
                    Process ID    2712
                    Path    C:\Program Files\Windows Media Player\WMPNetwk.exe
                    Memory Usage    14 MB
                    Peak Memory Usage    14 MB
                WPFFontCache_v0400.exe
                    Process ID    2816
                    Path    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
                    Memory Usage    3.91 MB
                    Peak Memory Usage    4.74 MB
                wuauclt.exe
                    Process ID    2692
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\WINDOWS\system32\wuauclt.exe
                    Memory Usage    6.77 MB
                    Peak Memory Usage    6.77 MB
                ZABackup Service.exe
                    Process ID    2564
                    User    SYSTEM
                    Domain    NT AUTHORITY
                    Path    C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
                    Memory Usage    7.09 MB
                    Peak Memory Usage    7.21 MB
                ZABackupBackground.exe
                    Process ID    3464
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
                    Memory Usage    4.10 MB
                    Peak Memory Usage    4.10 MB
                ZABackupTray.exe
                    Process ID    3012
                    User    Sid Bailey
                    Domain    YOUR-0C81E70C58
                    Path    C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
                    Memory Usage    8.63 MB
                    Peak Memory Usage    8.63 MB
        Security Options
            Accounts: Administrator account status    Enabled
            Accounts: Guest account status    Disabled
            Accounts: Limit local account use of blank passwords to console logon only    Enabled
            Accounts: Rename administrator account    Administrator
            Accounts: Rename guest account    Guest
            Audit: Audit the access of global system objects    Disabled
            Audit: Audit the use of Backup and Restore privilege    Disabled
            Audit: Shut down system immediately if unable to log security audits    Disabled
            DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax    Not defined
            DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax    Not defined
            Devices: Allow undock without having to log on    Enabled
            Devices: Allowed to format and eject removable media    Administrators
            Devices: Prevent users from installing printer drivers    Disabled
            Devices: Restrict CD-ROM access to locally logged-on user only    Disabled
            Devices: Restrict floppy access to locally logged-on user only    Disabled
            Devices: Unsigned driver installation behavior    Not defined
            Domain controller: Allow server operators to schedule tasks    Not defined
            Domain controller: LDAP server signing requirements    Not defined
            Domain controller: Refuse machine account password changes    Not defined
            Domain member: Digitally encrypt or sign secure channel data (always)    Enabled
            Domain member: Digitally encrypt secure channel data (when possible)    Enabled
            Domain member: Digitally sign secure channel data (when possible)    Enabled
            Domain member: Disable machine account password changes    Disabled
            Domain member: Maximum machine account password age    30 days
            Domain member: Require strong (Windows 2000 or later) session key    Disabled
            Interactive logon: Display user information when the session is locked    Not defined
            Interactive logon: Do not display last user name    Disabled
            Interactive logon: Do not require CTRL+ALT+DEL    Not defined
            Interactive logon: Message text for users attempting to log on
            Interactive logon: Message title for users attempting to log on
            Interactive logon: Number of previous logons to cache (in case domain controller is not available)    10 logons
            Interactive logon: Prompt user to change password before expiration    14 days
            Interactive logon: Require Domain Controller authentication to unlock workstation    Disabled
            Interactive logon: Require smart card    Not defined
            Interactive logon: Smart card removal behavior    No Action
            Microsoft network client: Digitally sign communications (always)    Disabled
            Microsoft network client: Digitally sign communications (if server agrees)    Enabled
            Microsoft network client: Send unencrypted password to third-party SMB servers    Disabled
            Microsoft network server: Amount of idle time required before suspending session    15 minutes
            Microsoft network server: Digitally sign communications (always)    Disabled
            Microsoft network server: Digitally sign communications (if client agrees)    Disabled
            Microsoft network server: Disconnect clients when logon hours expire    Enabled
            Network access: Allow anonymous SID/Name translation    Disabled
            Network access: Do not allow anonymous enumeration of SAM accounts    Enabled
            Network access: Do not allow anonymous enumeration of SAM accounts and shares    Disabled
            Network access: Do not allow storage of credentials or .NET Passports for network authentication    Disabled
            Network access: Let Everyone permissions apply to anonymous users    Disabled
            Network access: Named Pipes that can be accessed anonymously    COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
            Network access: Remotely accessible registry paths    System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
            Network access: Shares that can be accessed anonymously    COMCFG,DFS$
            Network access: Sharing and security model for local accounts    Guest only - local users authenticate as Guest
            Network security: Do not store LAN Manager hash value on next password change    Disabled
            Network security: Force logoff when logon hours expire    Disabled
            Network security: LAN Manager authentication level    Send LM & NTLM responses
            Network security: LDAP client signing requirements    Negotiate signing
            Network security: Minimum session security for NTLM SSP based (including secure RPC) clients    No minimum
            Network security: Minimum session security for NTLM SSP based (including secure RPC) servers    No minimum
            Recovery console: Allow automatic administrative logon    Enabled
            Recovery console: Allow floppy copy and access to all drives and all folders    Enabled
            Shutdown: Allow system to be shut down without having to log on    Enabled
            Shutdown: Clear virtual memory pagefile    Disabled
            System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing    Disabled
            System objects: Default owner for objects created by members of the Administrators group    Object creator
            System objects: Require case insensitivity for non-Windows subsystems    Enabled
            System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)    Enabled
        Device Tree
                ACPI Uniprocessor PC
                        Microsoft ACPI-Compliant System
                            ACPI Fan
                            ACPI Fixed Feature Button
                            ACPI Power Button
                            ACPI Thermal Zone
                            AMD Athlon Processor 2650e
                            Microsoft Windows Management Interface for ACPI
                            System board
                                PCI bus
                                    Motherboard resources
                                    Motherboard resources
                                    NVIDIA nForce PCI System Management
                                    PCI standard host CPU bridge
                                    PCI standard host CPU bridge
                                    PCI standard host CPU bridge
                                    PCI standard host CPU bridge
                                    PCI standard PCI-to-PCI bridge
                                    PCI standard PCI-to-PCI bridge
                                    PCI standard PCI-to-PCI bridge
                                    PCI standard RAM Controller
                                    PCI standard RAM Controller
                                        PCI standard ISA bridge
                                            Direct memory access controller
                                            High precision event timer
                                            ISAPNP Read Data Port
                                            Motherboard resources
                                            Numeric data processor
                                            Programmable interrupt controller
                                            System CMOS/real time clock
                                            System speaker
                                            System timer
                                        Standard OpenHCD USB Host Controller
                                                USB Root Hub
                                                        USB Composite Device
                                                                USB Human Interface Device
                                                                    HID Keyboard Device
                                                                USB Human Interface Device
                                                                    HID-compliant consumer control device
                                                                    HID-compliant device
                                                        USB Composite Device
                                                                USB Human Interface Device
                                                                    HID-compliant mouse
                                                                USB Human Interface Device
                                                                    HID-compliant consumer control device
                                                                    HID-compliant device
                                                                    HID-compliant device
                                        Standard Enhanced PCI to USB Host Controller
                                                USB Root Hub
                                                        USB Mass Storage Device
                                                                Generic- Compact Flash USB Device
                                                                    Generic volume
                                                                Multiple Flash Reader USB Device
                                                                    Generic volume
                                        Microsoft UAA Bus Driver for High Definition Audio
                                            Realtek High Definition Audio
                                        Standard Dual Channel PCI IDE Controller
                                            Primary IDE Channel
                                            Secondary IDE Channel
                                        NVIDIA Network Bus Enumerator
                                            NVIDIA nForce 10/100/1000 Mbps Networking Controller
                                        NVIDIA nForce Serial ATA Controller
                                            HL-DT-ST DVDRAM GH40F SCSI CdRom Device
                                        NVIDIA nForce Serial ATA Controller
                                            ST316081 5AS SCSI Disk Device
                                        PCI standard PCI-to-PCI bridge
                                            Agere Systems PCI-SV92EX Soft Modem
                                        NVIDIA GeForce 6150SE nForce 430
                                            Plug and Play Monitor
CPU
        AMD Athlon Neo MV-26
            Cores    1
            Threads    1
            Name    AMD Athlon Neo MV-26
            Code Name    Huron
            Package    Socket AM2 (940)
            Technology    65nm
            Specification    AMD Athlon Processor 2650e
            Family    F
            Extended Family    F
            Model    F
            Extended Model    7F
            Stepping    2
            Revision    DH-G2
            Instructions    MMX (+), 3DNow! (+), SSE, SSE2, SSE3, AMD 64, NX, VMX
            Virtualization    Supported, Disabled
            Hyperthreading    Not supported
            Fan Speed    639 RPM
            Bus Speed    200.9 MHz
            Rated Bus Speed    803.7 MHz
            Stock Core Speed    1600 MHz
            Stock Bus Speed    200 MHz
            Average Temperature    46 °C
                Caches
                    L1 Data Cache Size    64 KBytes
                    L1 Instructions Cache Size    64 KBytes
                    L2 Unified Cache Size    512 KBytes
                Cores
                        Core 0
                            Core Speed    1607.4 MHz
                            Multiplier    x 8.0
                            Bus Speed    200.9 MHz
                            Rated Bus Speed    803.7 MHz
                            Temperature    46 °C
                            Threads    APIC ID: 0
RAM
        Memory slots
            Total memory slots    2
            Used memory slots    2
            Free memory slots    0
        Memory
            Type    DDR2
            Size    1536 MBytes
            Channels #    Single
            DRAM Frequency    267.9 MHz
            CAS# Latency (CL)    4 clocks
            RAS# to CAS# Delay (tRCD)    4 clocks
            RAS# Precharge (tRP)    4 clocks
            Cycle Time (tRAS)    12 clocks
            Bank Cycle Time (tRC)    17 clocks
            Command Rate (CR)    1T
        Physical Memory
            Memory Usage    54 %
            Total Physical    1.37 GB
            Available Physical    637 MB
            Total Virtual    5.23 GB
            Available Virtual    4.53 GB
        SPD
            Number Of SPD Modules    2
                Slot #1
                    Type    DDR2
                    Size    512 MBytes
                    Manufacturer    MOSEL
                    Max Bandwidth    PC2-4300 (266 MHz)
                    Part Number    V916764K24QAFW-E4
                    Serial Number    377A0B8D
                    Week/year    23 / 06
                        JEDEC #3
                            Frequency    266.7 MHz
                            CAS# Latency    5.0
                            RAS# To CAS#    4
                            RAS# Precharge    4
                            tRAS    11
                            tRC    15
                            Voltage    1.800 V
                        JEDEC #2
                            Frequency    266.7 MHz
                            CAS# Latency    4.0
                            RAS# To CAS#    4
                            RAS# Precharge    4
                            tRAS    11
                            tRC    15
                            Voltage    1.800 V
                        JEDEC #1
                            Frequency    200.0 MHz
                            CAS# Latency    3.0
                            RAS# To CAS#    3
                            RAS# Precharge    3
                            tRAS    8
                            tRC    11
                            Voltage    1.800 V
                Slot #2
                    Type    DDR2
                    Size    1024 MBytes
                    Manufacturer    Samsung
                    Max Bandwidth    PC2-6400 (400 MHz)
                    Part Number    M3 78T2863QZS-CF7
                    Serial Number    818AFE0B
                    Week/year    13 / 09
                        JEDEC #3
                            Frequency    400.0 MHz
                            CAS# Latency    6.0
                            RAS# To CAS#    6
                            RAS# Precharge    6
                            tRAS    18
                            tRC    24
                            Voltage    1.800 V
                        JEDEC #2
                            Frequency    333.3 MHz
                            CAS# Latency    5.0
                            RAS# To CAS#    5
                            RAS# Precharge    5
                            tRAS    16
                            tRC    21
                            Voltage    1.800 V
                        JEDEC #1
                            Frequency    266.7 MHz
                            CAS# Latency    4.0
                            RAS# To CAS#    4
                            RAS# Precharge    4
                            tRAS    12
                            tRC    16
                            Voltage    1.800 V
Motherboard
    Manufacturer    eMachines
    Model    WMCP61M (Socket AM2 )
    Version    R01-A1
    Chipset Vendor    NVIDIA
    Chipset Model    MCP61
    Chipset Revision    A3
    Southbridge Vendor    NVIDIA
    Southbridge Model    MCP61
    Southbridge Revision    A2
    System Temperature    43 °C
        BIOS
            Brand    Phoenix Technologies, LTD
            Version    R01-A1
            Date    2/16/2009
        Voltage
            CPU CORE    1.664 V
            MEMORY CONTROLLER    2.496 V
            +3.3V    1.984 V
            +5V    4.973 V
            +12V    9.984 V
            -12V    (4.800) V
            -5V    (3.968) V
            +5V HIGH THRESHOLD    4.919 V
            CMOS BATTERY    3.168 V
        PCI Data
                Slot PCI-E
                    Slot Type    PCI-E
                    Slot Usage    Available
                    Data lanes    x1
                    Slot Designation    PCIE-1
                    Characteristics    5V, PME
                    Slot Number    0
Graphics
        Monitor
            Name    E202H on NVIDIA GeForce 6150SE nForce 430
            Current Resolution    1280x800 pixels
            Work Resolution    1280x770 pixels
            State    Enabled, Primary, Output devices support
            Monitor Width    1280
            Monitor Height    800
            Monitor BPP    32 bits per pixel
            Monitor Frequency    60 Hz
            Device    \\.\DISPLAY1\Monitor0
        NVIDIA GeForce 6150SE nForce 430
            Manufacturer    NVIDIA
            Model    GeForce 6150SE nForce 430
            GPU    MCP61P
            Device ID    10DE-03D0
            Revision    A3
            Subvendor    Acer Incorporated [ALI] (1025)
            Current Performance Level    Level 0
            DirectX Support    9.0c
            DirectX Shader Model    3.0
            OpenGL Support    2.0
            Bus Interface    FPCI
            GPU Clock    425 MHz
            Memory Clock    532 MHz
            Driver version    6.14.13.783
            BIOS Version    5.61.32.25.16
            ROPs    2
            Shaders    Vertex 2/Pixel 21
            Memory Type    System
            Physical Memory    128 MB
            Virtual Memory    512 MB
            Pixel Fillrate    0.8 GPixels/s
            Texture Fillrate    0.8 GTexels/s
                Count of performance levels : 1
                        Level 1
                            GPU Clock    425 MHz
                            Memory Clock    532 MHz
Storage
        Hard drives
                ST316081 5AS SCSI Disk Device
                    Manufacturer    Seagate
                    Form Factor    3.5"
                    Heads    16
                    Cylinders    19,457
                    Tracks    4,961,535
                    Sectors    312,576,705
                    SATA type    SATA-II 3.0Gb/s
                    Device type    Fixed
                    ATA Standard    ATA/ATAPI-7
                    Serial Number    6RX97KCE
                    LBA Size    48-bit LBA
                    Power On Count    2302 times
                    Power On Time    1345.2 days
                    Features    S.M.A.R.T., NCQ
                    Max. Transfer Mode    SATA II 3.0Gb/s
                    Used Transfer Mode    SATA II 3.0Gb/s
                    Interface    SATA
                    Capacity    149 GB
                    Real size    160,041,885,696 bytes
                    RAID Type    None
                        S.M.A.R.T
                            Status    Good
                            Temperature    50 °C
                            Temperature Range    Warning (50 °C to 55 °C)
                            01 Read Error Rate    100 (253) Data 0000000000
                            03 Spin-Up Time    097 (097) Data 0000000000
                            04 Start/Stop Count    098 (098) Data 00000008FE
                            05 Reallocated Sectors Count    100 (100) Data 0000000000
                            07 Seek Error Rate    089 (060) Data 0032EB6928
                            09 Power-On Hours (POH)    064 (064) Data 0000007E1C
                            0A Spin Retry Count    100 (100) Data 0000000000
                            0C Device Power Cycle Count    098 (098) Data 00000008FE
                            BB Reported Uncorrectable Errors    100 (100) Data 0000000000
                            BD High Fly Writes (WDC)    100 (100) Data 0000000000
                            BE Temperature Difference from 100    050 (042) Data 0032310032
                            C2 Temperature    050 (058) Data 0000000032
                            C3 Hardware ECC Recovered    077 (070) Data 00015257B4
                            C5 Current Pending Sector Count    100 (100) Data 0000000000
                            C6 Uncorrectable Sector Count    100 (100) Data 0000000000
                            C7 UltraDMA CRC Error Count    200 (200) Data 0000000000
                            C8 Write Error Rate / Multi-Zone Error Rate    100 (253) Data 0000000000
                            CA Data Address Mark errors    100 (253) Data 0000000000
                        Partition 0
                            Partition ID    Disk #0, Partition #0
                            Size    10.0 GB
                        Partition 1
                            Partition ID    Disk #0, Partition #1
                            Disk Letter    C:
                            File System    NTFS
                            Volume Serial Number    2417E727
                            Size    139 GB
                            Used Space    23.8 GB (18%)
                            Free Space    115 GB (82%)
Optical Drives
        HL-DT-ST DVDRAM GH40F SCSI CdRom Device
            Media Type    DVD Writer
            Name    HL-DT-ST DVDRAM GH40F SCSI CdRom Device
            Availability    Running/Full Power
            Capabilities    Random Access, Supports Removable Media
            Read capabilities    CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD-RW DL, DVD+R DL
            Write capabilities    CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
            Config Manager Error Code    Device is working properly
            Config Manager User Config    FALSE
            Drive    D:
            Media Loaded    FALSE
            SCSI Bus    1
            SCSI Logical Unit    0
            SCSI Port    2
            SCSI Target Id    1
            Status    OK
Audio
        Sound Card
            Realtek High Definition Audio
        Playback Device
            Realtek HD Audio Input
        Recording Device
            Realtek HD Audio output
        Speaker Configuration
        Speaker Configuration
            Speaker type    Stereo
Peripherals
        HID Keyboard Device
            Device Kind    Keyboard
            Device Name    HID Keyboard Device
            Vendor    Unknown
            Location    Location 0
                Driver
                    Date    7-1-2001
                    Version    5.1.2600.5512
                    File    C:\WINDOWS\system32\DRIVERS\kbdhid.sys
                    File    C:\WINDOWS\system32\DRIVERS\kbdclass.sys
        HID-compliant mouse
            Device Kind    Mouse
            Device Name    HID-compliant mouse
            Vendor    Logitech
            Location    Location 0
                Driver
                    Date    7-1-2001
                    Version    5.1.2600.0
                    File    C:\WINDOWS\system32\DRIVERS\mouclass.sys
                    File    C:\WINDOWS\system32\DRIVERS\mouhid.sys
        Printers
                Canon MG2200 series Printer (Default Printer)
                    Printer Port    USB002
                    Print Processor    Canon MG2200 series Print Processor
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    4294967293 dpi Color
                    Status    Unknown
                        Driver
                            Driver Name    Canon MG2200 series Printer (v12.09)
                            Driver Path    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDRB6.DLL
                Microsoft XPS Document Writer
                    Printer Port    XPSPort:
                    Print Processor    WinPrint
                    Availability    Always
                    Priority    1
                    Duplex    None
                    Print Quality    600 * 600 dpi Color
                    Status    Unknown
                        Driver
                            Driver Name    Microsoft XPS Document Writer (v6.00)
                            Driver Path    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Network
    You are connected to the internet
    Connected through    NVIDIA nForce Networking Controller - Packet Scheduler Miniport
    IP Address    192.168.0.5
    Subnet mask    255.255.255.0
    Gateway server    192.168.0.1
    Preferred DNS server    8.8.8.8
    Alternate DNS server    8.8.4.4
    Alternate DNS server    209.55.27.13
    DHCP    Enabled
    DHCP server    192.168.0.1
    External IP Address    24.49.18.105
    Adapter Type    Ethernet
    NetBIOS over TCP/IP    Enabled via DHCP
    NETBIOS Node Type    Unknown node type
    Link Speed    0 Bps
        Computer Name
            NetBIOS Name    YOUR-0C81E70C58
            DNS Name    YOUR-0C81E70C58
            Membership    Part of workgroup
            Workgroup    MSHOME
        Remote Desktop
            Disabled
                Console
                    State    Active
                    Domain    YOUR-0C81E70C58
        WinInet Info
            LAN Connection
            Local system uses a local area network to connect to the Internet
            Local system has RAS to connect to the Internet
        Wi-Fi Info
            Wi-Fi not enabled
        WinHTTPInfo
            WinHTTPSessionProxyType    No proxy
            Session Proxy
            Session Proxy Bypass
            Connect Retries    5
            Connect Timeout (ms)    60,000
            HTTP Version    HTTP 1.1
            Max Connects Per 1.0 Servers    INFINITE
            Max Connects Per Servers    INFINITE
            Max HTTP automatic redirects    10
            Max HTTP status continue    10
            Send Timeout (ms)    30,000
            IEProxy Auto Detect    Yes
            IEProxy Auto Config
            IEProxy
            IEProxy Bypass
            Default Proxy Config Access Type    No proxy
            Default Config Proxy
            Default Config Proxy Bypass
        Sharing and Discovery
            File and printer sharing service    Enabled
            Simple File Sharing    Enabled
            Administrative Shares    Enabled
            Network access: Sharing and security model for local accounts    Guest only - local users authenticate as Guest
        Adapters List
                Enabled
                        NVIDIA nForce Networking Controller - Packet Scheduler Miniport
                            Connection Name    Local Area Connection
                            NetBIOS over TCPIP    No
                            DHCP enabled    Yes
                            MAC Address    00-1D-72-BA-84-1F
                            IP Address    192.168.0.5
                            Subnet mask    255.255.255.0
                            Gateway server    192.168.0.1
                            DHCP    192.168.0.1
                            DNS Server    8.8.8.8
                            8.8.4.4
                            209.55.27.13
        Network Shares
            No network shares
        Current TCP Connections
                C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1340)
                    Local 127.0.0.1:12025    LISTEN
                    Local 127.0.0.1:12080    LISTEN
                    Local 127.0.0.1:12110    LISTEN
                    Local 127.0.0.1:12119    LISTEN
                    Local 127.0.0.1:12143    LISTEN
                    Local 127.0.0.1:12465    LISTEN
                    Local 127.0.0.1:12563    LISTEN
                    Local 192.168.0.5:1181    CLOSE-WAIT Remote 199.189.105.116:80 (Querying... ) (HTTP)
                    Local 127.0.0.1:27275    LISTEN
                    Local 127.0.0.1:12995    LISTEN
                    Local 127.0.0.1:12993    LISTEN
                    Local 192.168.0.5:1056    ESTABLISHED Remote 77.234.43.60:80 (Querying... ) (HTTP)
                C:\Program Files\AVAST Software\Avast\AvastUI.exe (1452)
                    Local 192.168.0.5:1164    ESTABLISHED Remote 23.209.46.13:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1165    ESTABLISHED Remote 23.209.46.13:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1166    ESTABLISHED Remote 23.209.46.13:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1167    ESTABLISHED Remote 23.209.46.13:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1168    ESTABLISHED Remote 23.209.46.13:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1180    ESTABLISHED Remote 23.209.46.13:80 (Querying... ) (HTTP)
                    Local 192.168.0.5:1161    CLOSE-WAIT Remote 208.43.71.148:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1169    CLOSE-WAIT Remote 173.194.112.94:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1170    CLOSE-WAIT Remote 173.194.112.94:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1231    CLOSE-WAIT Remote 184.170.67.219:80 (Querying... ) (HTTP)
                    Local 192.168.0.5:1162    LAST-ACK Remote 184.170.67.219:80 (Querying... ) (HTTP)
                C:\Program Files\Java\jre7\bin\jqs.exe (484)
                    Local 127.0.0.1:5152    LISTEN
                C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2224)
                    Local 127.0.0.1:2559    LISTEN
                C:\WINDOWS\System32\alg.exe (3264)
                    Local 127.0.0.1:1036    LISTEN
                C:\WINDOWS\system32\svchost.exe (912)
                    Local 0.0.0.0:135 (DCE)    LISTEN
                System Process
                    Local 192.168.0.5:1237    TIME-WAIT Remote 108.171.164.205:80 (Querying... ) (HTTP)
                    Local 192.168.0.5:1235    TIME-WAIT Remote 77.234.41.70:80 (Querying... ) (HTTP)
                    Local 192.168.0.5:1228    TIME-WAIT Remote 8.18.233.28:443 (Querying... ) (HTTPS)
                    Local 192.168.0.5:1195    TIME-WAIT Remote 63.140.40.220:443 (Querying... ) (HTTPS)
                System Process
                    Local 0.0.0.0:445 (Windows shares)    LISTEN
                    Local 192.168.0.5:139 (NetBIOS session service)    LISTEN
Generated with Speccy v1.25.674

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 22/04/2014 9:42:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/04/2014 9:35:55 PM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Oldrailroadgeek-Sid


  • 0

#8
RKinner

    Malware Expert


Wonder why ZA is using Kaspersky drivers?  That's something new.

 

Doesn't look too bad.  Getting some errors in the hard drive which is running a bit hot.  Probably needs to have the PC opened and the air vents vacuumed out.  Leave it plugged in when you do it so it doesn't build up static.  Also clean around the CPU heatsink and the fans.

 

The high interrupts seen in Process Explorer are probably due to a bad driver.

Interrupts    3.13    0 K    0 K    n/a    Hardware Interrupts and DPCs  

 

This can cause freezing as the interrupts have a much bigger effect on the PC than you would think.  Normal value is around 1.  I would look to see if there is a newer video driver if you were going to use it for watching videos.  Should be good enough for your mother tho.

 

http://www.geforce.com/drivers has a button to detect your video and tell you what driver you need.

 

If you are going to give this one to your mother it won't matter much but I will give you my standard goodbye:

 

You can uninstall or delete any tools we had you download and their logs. 
 
If we ran Combofix:
To uninstall combofix, copy the next line:
 
"%userprofile%\Desktop\combofix.exe" /Uninstall
 
Start, Run, cmd, OK then right click, Paste, then hit Enter.
 
 
 
OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.
 
To hide hidden files again (If you do not run OTL cleanup):
 
XP
 
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 45 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then you should go in to Control panels, Java, Security and set the slider to the highest level.
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. 
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
To help keep your programs up-to-date you should download and run the UpdateChecker:
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas.  If you don't use MSN Messenger I would not update it.  MS installs a bunch of stuff when you do.  You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on.  Adblock Plus is now available for IE too:
adblockplus.org/?
 
If Firefox or Chrome is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox .  Click on Optimize.  When it finishes click on Exit.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while.
 
 
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
 
XP does not automatically run defrag so it needs to be done manually every couple of months or it will slow down.  http://support.microsoft.com/kb/314848
 
 
XP has been out a long time so most XP computers are starting to get clogged with dust.  This makes them overheat which will also slow them down.  To clean a desktop, shut it down but leave it plugged in.  Remove the lid or open it up and use a vacuum cleaner hose and a small brush to clean the air vents in the front and back and the fins of the heatsink and of the fans - including the fan of the power supply.  You may need to unscrew the four screws that hold the fan to the heatsink and lift the fan off to really clean the heatsink.  Start it up while the lid is off and watch the fan (after screwing it back down again if you removed it).  It should start up right away and be at full speed in no time (it may stop running shortly after starting - this is normal).  A fan that is slow starting or which makes noise is worn out and needs to be replaced.  Cleaning a laptop is unfortunately major surgery for most brands.  Make sure the vents are clear and that it is run on a hard surface.  Never on a bed or your lap as that blocks the air vents.  Propping up the back with a book without blocking the air vents will make it run a bit cooler.  If you think it might be running hot you can get speedfan
 
Download, save and Install it then run it.
 
It will tell you your temps (if the PC is new enough).  If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop.  If temps are over 80, the CPU will slow down to protect itself.  Disassembling a laptop to clean it isn't that hard.  There are usually YouTube videos for most brands that show you how to do it if you search for them.  Most times you just need some small screwdrivers and maybe a long nose pliers.  The hardest part is reassembling it and getting all of the screws in the right places so take notes or lots of pictures.  If you take it apart then you should also pull the heatsink and clean it and replace the old thermal pads with Arctic Silver Thermal compound.  Amazon has a kit of cleaner and compound http://www.amazon.co...n/dp/B001FVI91U which I have used.
 
Make sure you have Windows update working and preferably on Automatic download and install.  Go to Internet Explorer, Tools, (or Safety), Windows Updates, Express  and see if it has any updates for you.
 
I should add that since XP is no longer supported you should stop using IE if you do go on line.  Use Firefox or Chrome instead.

  • 1
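The remark above about the hard drive running a bit hot can be checked against the S.M.A.R.T. block of the Speccy report posted earlier in the thread. The following is an added example, not part of either post and not Speccy's own code: it parses those lines and decodes the hex Data field. The function names, the choice of error counters and the 50 °C warning level (the lower bound of Speccy's "Warning (50 °C to 55 °C)" range) are assumptions of the example.

```python
import re
from typing import NamedTuple

# S.M.A.R.T. lines copied from the Speccy report posted in this thread.
SPECCY_SMART = """\
01 Read Error Rate    100 (253) Data 0000000000
05 Reallocated Sectors Count    100 (100) Data 0000000000
07 Seek Error Rate    089 (060) Data 0032EB6928
09 Power-On Hours (POH)    064 (064) Data 0000007E1C
0C Device Power Cycle Count    098 (098) Data 00000008FE
BE Temperature Difference from 100    050 (042) Data 0032310032
C2 Temperature    050 (058) Data 0000000032
C3 Hardware ECC Recovered    077 (070) Data 00015257B4
C5 Current Pending Sector Count    100 (100) Data 0000000000
C6 Uncorrectable Sector Count    100 (100) Data 0000000000
C7 UltraDMA CRC Error Count    200 (200) Data 0000000000
"""


class Attr(NamedTuple):
    name: str
    current: int  # normalized value
    paren: int    # value Speccy prints in parentheses (assumed: worst recorded)
    raw: int      # "Data" field, decoded from hex


# <hex id> <name> <current> (<paren>) Data <hex raw>; the name may contain
# digits and parentheses, so it is matched lazily up to the numeric columns.
LINE = re.compile(
    r"^\s*([0-9A-F]{2})\s+(.+?)\s+(\d{3})\s+\((\d{3})\)\s+Data\s+([0-9A-F]+)\s*$"
)

# Attributes whose raw value is a plain count of bad events. The rate
# attributes (01, 07, C3) pack vendor-specific data into the raw field,
# so they are parsed but not interpreted as counts here.
ERROR_COUNTERS = ("05", "BB", "C5", "C6", "C7")
TEMP_WARN_C = 50  # assumption: lower bound of Speccy's warning range


def parse_smart(text):
    """Return {attribute id: Attr} for every S.M.A.R.T. line found in text."""
    attrs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            attr_id, name, cur, paren, raw = m.groups()
            attrs[attr_id] = Attr(name.strip(), int(cur), int(paren), int(raw, 16))
    return attrs


def summarize(attrs):
    """Decode the values a helper would read off the report by eye."""
    hours = attrs["09"].raw if "09" in attrs else None
    # Only the low byte is the current temperature; higher bytes may hold extremes.
    temp = attrs["C2"].raw & 0xFF if "C2" in attrs else None
    return {
        "power_on_days": round(hours / 24, 1) if hours is not None else None,
        "power_cycles": attrs["0C"].raw if "0C" in attrs else None,
        "temperature_c": temp,
        "too_hot": temp is not None and temp >= TEMP_WARN_C,
        "nonzero_error_counters": [
            i for i in ERROR_COUNTERS if i in attrs and attrs[i].raw > 0
        ],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_smart(SPECCY_SMART)).items():
        print(f"{key}: {value}")
```

The decoded power-on time and power cycle count match the "Power On Time" and "Power On Count" lines Speccy prints above the attribute table, which confirms the Data field is being read correctly.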

#9
oldrailroadgeek

    Member


RKinner,

     Will search for outdated Java products and remove.  Vacuum cleaner will go to work on the PC in the morning, I'm not very good on keeping up with the interior of my PC, knowing it's very important, I have a tendency to think "Tomorrow  will be soon enough" and then forget it until everyone else is in bed & I still haven't done it!  I'll go through the other suggestions and complete them in the order suggested.  I really appreciate all your help in solving this problem.  I've had my new system build for two weeks and have not touched it {Except for the initial test after installing Win 8.1} until I was satisfied that this unit was working properly and could transfer all my files to the new unit:  AMD A6-5400K Trinity 3.6Ghz; MSI A88X-G43 FM2+ /FM2 AMD 88X (Bolton D4) HDMI; Cougar Solutions AF-2 case w/ 3 fans; WD10EZEX 1T 7200RPM HDD; G.SKILL Ripjaw 4GB(2x2) Ram; CORSAIR CX430 modular PSU; LG Multi Drive GH24NSBO DVDR/W; Win 8.1 OS; VIZIO 22" Monitor

Again thanks for all your help!

Oldrailroadgeek Sid


  • 0





