
PUP2 keeps returning after Antimalware removal!



#1
oldrailroadgeek


PUP2 keeps coming back every day after quarantined removal by Malwarebytes Anti-Malware Premium with computer disconnected from internet by removal of DSL line connection. PUP first showed up while this PC was still in use for internet service. While trying to download speedyfox from g2g link, I inadvertently clicked the wrong download button for speedyfox and didn't realize it until I began the installation. I immediately ran the uninstall of the program and decided I did not require speedyfox as I was replacing this computer for internet service. The next morning I had a report from Malwarebytes that a non-malicious threat had been quarantined and I OKed the removal of the threat. {Malwarebytes automatically scans this computer daily at 2:00am and the report is displayed on the desktop every morning.} I proceeded to disconnect the DSL line from this PC and installed it on the new PC. I continue to use this PC for prep of files for transfer to the new PC and to use the programs on this computer for my personal finances as I am not at all familiar with Win 8.1 on the new unit. Every morning without internet service on this unit I get the same alert message from Malwarebytes that this same PUP has been detected and they have quarantined it for removal when I click OK, which I do. How does this PUP keep returning with no internet access? Malwarebytes updates daily when the PC is connected to the DSL, so it was up-to-date when I removed the DSL. How do I remove this PUP permanently?

Oldrailroadgeek

OTL.txt

OTL logfile created on: 5/3/2014 10:05:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.37 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 25.77% Memory free
5.23 Gb Paging File | 4.27 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 114.82 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/03 22:03:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\My Documents\Downloads\OTL.exe
PRC - [2014/04/29 21:37:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/22 21:10:45 | 000,533,568 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2014/04/22 20:51:34 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/22 20:51:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/02 09:30:11 | 002,199,840 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/02 09:29:55 | 001,617,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2012/04/03 14:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 14:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 14:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/03/11 12:02:06 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/11 12:00:50 | 002,000,400 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/03 16:23:47 | 002,252,800 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14050301\algo.dll
MOD - [2014/05/01 20:11:30 | 001,020,928 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2014/04/29 21:37:33 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/04/29 03:03:28 | 016,351,920 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014/04/22 20:51:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/04/22 14:39:24 | 000,645,592 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/09/22 03:08:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 03:29:00 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2013/08/16 03:24:04 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2013/08/16 03:23:56 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2013/08/16 03:23:51 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2013/08/16 03:23:22 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2013/08/16 03:23:00 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2013/08/16 03:22:53 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
MOD - [2013/08/16 03:22:41 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2013/08/16 03:22:24 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2013/08/16 03:22:10 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2013/08/16 03:21:55 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2013/08/16 03:21:41 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/08/18 11:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2014/04/29 21:37:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/29 03:03:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/22 20:51:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/04/02 09:29:55 | 001,617,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lcmjpwf.sys -- (ifxqgb)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/05/03 21:37:19 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/22 20:51:37 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/04/22 20:51:37 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/04/22 20:51:37 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/04/22 20:51:37 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/04/22 20:51:37 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/04/22 20:51:37 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/04/22 20:51:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/04/22 20:51:37 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/09/10 23:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/01/17 17:21:53 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/01/17 17:20:05 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/12 17:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/29 13:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 13:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 21:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/10 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd.                                               ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=185964165&ir=
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=185964165&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=185964165&ir=
IE - HKCU\..\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}: "URL" =
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/22 20:51:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/01/19 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Extensions
[2014/05/01 20:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions
[2014/05/01 20:11:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\[email protected]
[2014/04/10 16:19:49 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\searchplugins\zonealarm.xml
[2014/04/29 21:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/04/29 21:37:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/04/29 21:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 21:37:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/22 20:51:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/03/13 20:19:05 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1365637437500 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDECE2E-1A23-498B-A6C9-C37C6CEEDAD4}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/01 20:11:31 | 011,211,264 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2014/05/01 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\LastPass
[2014/05/01 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2014/05/01 20:11:19 | 000,000,000 | ---D | C] -- C:\LastPass_1730492534
[2014/05/01 20:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\LastPass
[2014/04/29 21:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/25 19:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\SSB
[2014/04/25 19:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\MOB
[2014/04/25 19:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\Church Related
[2014/04/25 19:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Financial
[2014/04/23 20:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Foolish IT
[2014/04/23 20:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT
[2014/04/23 20:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
[2014/04/23 20:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\DigitalSites
[2014/04/23 19:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2014/04/22 23:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Nvidia Corporation
[2014/04/22 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/04/22 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Temp
[2014/04/22 21:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
[2014/04/22 20:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/04/22 20:51:40 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/22 20:51:40 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/22 20:51:40 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/04/22 20:51:40 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/22 20:51:40 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/22 20:51:39 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/22 20:51:37 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/22 20:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/22 20:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/04/22 20:17:19 | 004,845,384 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
[2014/04/22 20:11:24 | 002,925,760 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
[2014/04/22 09:25:58 | 088,882,192 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
[2014/04/21 08:27:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/16 23:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/04/13 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
[2014/04/13 23:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tune-Up
[2014/04/13 23:17:35 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/13 23:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/13 23:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/10 15:37:31 | 000,000,000 | ---D | C] -- C:\12bdf20f60ec5535a09cbe
[2014/04/09 14:18:36 | 000,000,000 | ---D | C] -- C:\f44a78990ffdc5e00561dc6ca7
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/03 22:03:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/03 21:37:19 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/03 21:11:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2014/05/03 20:32:14 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/05/03 20:32:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/03 20:31:59 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/03 20:31:59 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/05/03 11:03:20 | 000,040,986 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2014/05/01 20:11:35 | 011,211,264 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2014/05/01 20:11:35 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2014/05/01 20:11:30 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2014/05/01 20:11:23 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2014/04/30 11:08:48 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
[2014/04/30 10:50:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
[2014/04/30 10:46:53 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
[2014/04/28 15:20:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
[2014/04/26 11:02:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
[2014/04/26 01:05:41 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2014/04/25 19:49:37 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
[2014/04/25 16:21:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2014/04/23 20:45:42 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
[2014/04/23 20:33:04 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
[2014/04/23 19:19:25 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/23 11:04:51 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
[2014/04/22 23:23:08 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2014/04/22 20:52:05 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/22 20:51:37 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/22 20:51:37 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/22 20:51:37 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/22 20:51:37 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/22 20:51:37 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/04/22 20:51:37 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/22 20:51:37 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/22 20:51:37 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/22 20:51:37 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/22 20:51:37 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/22 20:18:35 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
[2014/04/22 20:17:32 | 004,845,384 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
[2014/04/22 20:11:32 | 002,925,760 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
[2014/04/22 15:49:34 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Computer specs New 1-17-14.xlr
[2014/04/22 09:28:24 | 088,882,192 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
[2014/04/21 16:34:07 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/21 16:34:07 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/17 19:28:08 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:11:27 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/13 23:38:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/13 23:17:08 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2014/04/09 10:07:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:24:33 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/07 13:10:22 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2014/04/04 13:45:54 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/01 20:11:35 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2014/05/01 20:11:30 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2014/05/01 20:11:23 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2014/04/30 11:08:48 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
[2014/04/30 10:50:38 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
[2014/04/30 10:46:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
[2014/04/28 15:20:38 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
[2014/04/25 19:49:37 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
[2014/04/25 16:21:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2014/04/23 20:45:42 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
[2014/04/23 20:33:04 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
[2014/04/23 11:01:48 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
[2014/04/22 21:20:35 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/22 20:52:05 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/22 20:51:40 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/22 20:51:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/22 20:51:40 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/22 20:37:15 | 1474,809,856 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/22 20:18:28 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
[2014/04/17 19:28:07 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:11:26 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/13 23:38:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2014/04/09 14:25:12 | 000,102,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/04 13:45:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[2013/10/29 23:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 23:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 23:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/09/07 19:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 03:24:20 | 001,054,366 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 03:24:13 | 000,199,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 19:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 12:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 12:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 01:38:54 | 000,177,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 15:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 09:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 12:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 15:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 18:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/01/31 11:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/17 17:07:06 | 000,040,986 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2005/01/09 21:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/24 20:53:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/15 13:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/04/22 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/11 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/12/05 20:34:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/12/05 20:49:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/12/10 17:12:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMIG
[2013/09/01 17:32:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2013/12/10 16:45:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013/12/05 20:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/02/11 13:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/17 17:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/28 22:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/23 20:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/02/11 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 17:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/07/29 12:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/09/18 22:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2013/03/29 11:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2014/04/22 21:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
[2012/01/30 20:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\AVG
[2013/12/10 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\canon
[2013/11/12 14:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\CheckPoint
[2014/04/23 20:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
[2014/04/23 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\DigitalSites
[2012/04/05 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\DVDVideoSoft
[2013/07/24 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\EurekaLog
[2013/09/18 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MailFrontier
[2012/05/22 19:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MusicOasis
[2014/01/22 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\OpenOffice
[2013/12/26 21:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Oracle
[2013/03/18 11:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\SmartPCFix
[2012/01/20 22:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Special K Software
[2014/03/13 12:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Template
[2014/02/01 22:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\WinPatrol
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:SummaryInformation

< End of report >
 

OTL Extras

OTL Extras logfile created on: 5/3/2014 10:05:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.37 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 25.77% Memory free
5.23 Gb Paging File | 4.27 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 114.82 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Reconnect To Technician] -- cmd.exe /c start iexplore.exe logmein123.com (Microsoft Corporation)
Directory [Start Team Viewer] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS) -- (NVIDIA Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series" = Canon MG2200 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C511D4D-FBD5-4748-822C-4E51BC0CC87E}" = ZoneAlarm DataLock
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 12.4.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"Canon MG2200 series On-screen Manual" = Canon MG2200 series On-screen Manual
"Canon MG2200 series User Registration" = Canon MG2200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Card Games for Windows" = Card Games for Windows
"FileHippo.com" = FileHippo.com Update Checker
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LastPass" = LastPass (uninstall only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Tune-Up" = PC Tune-Up
"Speccy" = Speccy
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Digital Sites" = Update for Mipony Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/23/2014 8:24:56 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
 <http://www.download....4251B18118.crt>
 with error: This operation returned because the timeout period expired.  
 
Error - 4/24/2014 9:28:25 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
 <http://www.download....52A41D829C.crt>
 with error: This operation returned because the timeout period expired.  
 
[ System Events ]
Error - 4/24/2014 8:23:36 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
Error - 4/25/2014 2:34:16 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
Error - 4/30/2014 10:40:43 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
Error - 4/30/2014 1:28:44 PM | Computer Name = YOUR-0C81E70C58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring
 the volume.
 
Error - 5/2/2014 10:17:38 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
 service-specific error 2147500037 (0x80004005).
 
Error - 5/2/2014 10:18:08 AM | Computer Name = YOUR-0C81E70C58 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
 with DCOM within the required timeout.
 
Error - 5/3/2014 10:12:11 AM | Computer Name = YOUR-0C81E70C58 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 5/3/2014 10:12:25 AM | Computer Name = YOUR-0C81E70C58 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 5/3/2014 10:12:33 AM | Computer Name = YOUR-0C81E70C58 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
 
Error - 5/3/2014 8:33:08 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
 
< End of report >
 



#2
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    #3
    oldrailroadgeek

      Member

    • Topic Starter

    RKinner,

         The PUP that MBAM quarantined is Mysearchdial.A

    Here are the logs

    # AdwCleaner v3.207 - Report created 05/05/2014 at 16:24:08
    # Updated 05/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Sid Bailey - YOUR-0C81E70C58
    # Running from : C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\File Type Assistant
    Folder Deleted : C:\Program Files\vGrabber-software
    Folder Deleted : C:\Program Files\Web Protect
    Folder Deleted : C:\DOCUME~1\SIDBAI~1\LOCALS~1\Temp\mt_ffx
    Folder Deleted : C:\Documents and Settings\Sid Bailey\Application Data\DigitalSites
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\Extensions\staged\[email protected]
    File Deleted : C:\DOCUME~1\SIDBAI~1\LOCALS~1\Temp\Uninstall.exe
    File Deleted : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\searchplugins\zonealarm.xml
    File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\user.js
    File Deleted : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\Software\WebProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v29.0 (en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\prefs.js ]

    Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

    [ File : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\prefs.js ]

    Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_170513_181616&babsrc=SP_ss&mntrId=2417001D72BA841F
    Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh

    *************************

    AdwCleaner[R0].txt - [4801 octets] - [05/05/2014 16:23:01]
    AdwCleaner[S0].txt - [4419 octets] - [05/05/2014 16:24:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4479 octets] ##########
     

    # AdwCleaner v3.207 - Report created 05/05/2014 at 16:23:01
    # Updated 05/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Sid Bailey - YOUR-0C81E70C58
    # Running from : C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\DOCUME~1\SIDBAI~1\LOCALS~1\Temp\Uninstall.exe
    File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\user.js
    File Found : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\searchplugins\zonealarm.xml
    File Found : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\user.js
    Folder Found : C:\DOCUME~1\SIDBAI~1\LOCALS~1\Temp\mt_ffx
    Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\Extensions\staged\[email protected]
    Folder Found : C:\Documents and Settings\Sid Bailey\Application Data\DigitalSites
    Folder Found : C:\Program Files\File Type Assistant
    Folder Found : C:\Program Files\vGrabber-software
    Folder Found : C:\Program Files\Web Protect

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\InstallCore
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
    Key Found : HKLM\Software\WebProtect

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites05_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0AzzyEtC0F0EyBtByBtN0D0Tzu0SzzyEyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzzyB0B0D0C0A0EtGzytAyCtAtG0FtA0A0AtGyEyD0CtDtGtDyByDtBtD0C0CyDtD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0FtC0D0DyE0CtGyB0AyBtCtGtByC0C0AtGtC0E0B0CtGtD0EzzyCtC0CtCtB0CyByDyB2Q&cr=185964165&ir=

    -\\ Mozilla Firefox v29.0 (en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\prefs.js ]

    Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");

    [ File : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\prefs.js ]

    Line Found : user_pref("browser.search.order.1", "Mysearchdial");

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_170513_181616&babsrc=SP_ss&mntrId=2417001D72BA841F
    Found [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh

    *************************

    AdwCleaner[R0].txt - [4661 octets] - [05/05/2014 16:23:01]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4721 octets] ##########
     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.3 (03.23.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Sid Bailey on Mon 05/05/2014 at 16:39:36.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 05/05/2014 at 17:00:44.17
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-05-2014 02
    Ran by Sid Bailey (administrator) on YOUR-0C81E70C58 on 05-05-2014 18:48:22
    Running from C:\Documents and Settings\Sid Bailey\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
    (Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    (Pro Softnet Corporation) C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Pro Softnet Corp.) C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
    (Pro Softnet Corp.) C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2012-01-17] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2012-01-17] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [108352 2012-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *‮* <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Run: [ZoneAlarm Backup Startup] => C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe [177680 2010-03-11] (Pro Softnet Corporation)
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [NoInternetOpenWith] 1
    Lsa: [Authentication Packages] msv1_0 nwprovau
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
    ShortcutTarget: ZoneAlarm Backup Tray.lnk -> C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=185964165&ir=
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: LastPass - C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\Extensions\[email protected] [2014-05-01]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-22]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
    CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Docs) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-15]
    CHR Extension: (YouTube) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-15]
    CHR Extension: (Google Search) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-15]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
    R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
    R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
    R2 ZoneAlarmBackup Service; C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe [149008 2010-03-11] (Pro Softnet Corporation)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation)
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-22] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-22] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-22] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-22] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
    S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
    S3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-05] (Malwarebytes Corporation)
    S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
    S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
    R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
    R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
    S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
    S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2013-09-10] ()
    S0 ifxqgb; System32\drivers\lcmjpwf.sys [X]
    U4 intelppm;
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    U1 WS2IFSL;

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    2014-05-05 18:48 - 2014-05-05 18:48 - 00027200 _____ () C:\Documents and Settings\Sid Bailey\Desktop\FRST.txt
    2014-05-05 18:48 - 2014-05-05 18:48 - 00000000 ____D () C:\FRST
    2014-05-05 17:00 - 2014-05-05 17:00 - 00000741 _____ () C:\Documents and Settings\Sid Bailey\Desktop\JRT.txt
    2014-05-05 16:24 - 2014-05-05 16:24 - 00004559 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner[S0].txt
    2014-05-05 16:23 - 2014-05-05 16:23 - 00004801 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner[R0].txt
    2014-05-05 16:22 - 2014-05-05 16:29 - 00000000 ____D () C:\AdwCleaner
    2014-05-05 16:16 - 2014-05-05 16:16 - 01053184 _____ (Farbar) C:\Documents and Settings\Sid Bailey\Desktop\FRST.exe
    2014-05-05 16:15 - 2014-05-05 16:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
    2014-05-05 16:13 - 2014-05-05 16:13 - 01316991 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    2014-05-05 09:58 - 2014-05-05 09:58 - 00002062 _____ () C:\MBAM Quarantine5-5-14.txt
    2014-05-04 20:44 - 2014-05-04 20:50 - 00043520 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.txt
    2014-05-02 10:00 - 2014-05-02 10:00 - 00006121 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-01 20:11 - 2014-05-05 16:17 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\LastPass
    2014-05-01 20:11 - 2014-05-01 20:11 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-05-01 20:11 - 2014-05-01 20:11 - 00001116 _____ () C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\LastPass_1730492534
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\LastPass
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
    2014-05-01 11:00 - 2014-05-01 11:00 - 00002059 _____ () C:\VEW5-1-14.txt
    2014-04-30 11:08 - 2014-04-30 11:08 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
    2014-04-30 10:50 - 2014-04-30 10:50 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
    2014-04-30 10:46 - 2014-04-30 10:46 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
    2014-04-29 21:37 - 2014-04-29 21:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-04-28 15:21 - 2014-04-28 15:21 - 00011023 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland..xls
    2014-04-28 15:20 - 2014-04-28 15:20 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
    2014-04-25 20:33 - 2014-04-25 20:33 - 00011354 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Expense Report for Tree of Lights 2013.xls
    2014-04-25 20:28 - 2014-04-25 20:28 - 00014213 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Income & Expense Report.xls
    2014-04-25 20:27 - 2014-04-25 20:27 - 00013076 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Donor List.xls
    2014-04-25 20:25 - 2014-04-25 20:25 - 00011409 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2012 Mem tree expenses.xls
    2014-04-25 20:23 - 2014-04-25 20:23 - 00013732 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Income & Expense Report 2012.xls
    2014-04-25 20:22 - 2014-04-25 20:22 - 00013956 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory tree deposit 12-24-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00015032 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 12-17-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00013812 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-16-13.xls
    2014-04-25 20:20 - 2014-04-25 20:20 - 00013789 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-7-13.xls
    2014-04-25 20:17 - 2014-04-25 20:17 - 00014162 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Deposit 12-23-13.xls
    2014-04-25 19:49 - 2014-04-25 19:49 - 00000617 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
    2014-04-25 19:44 - 2014-04-25 20:31 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\SSB
    2014-04-25 19:43 - 2014-04-25 19:45 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\MOB
    2014-04-25 19:36 - 2014-04-25 19:39 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\Church Related
    2014-04-25 19:35 - 2014-04-25 20:07 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Financial
    2014-04-25 16:21 - 2014-04-25 16:21 - 00053248 _____ () C:\WINDOWS\system32\zlib.dll
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000865 _____ () C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Program Files\Foolish IT
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT
    2014-04-23 20:33 - 2014-04-23 20:33 - 00001632 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
    2014-04-23 20:25 - 2014-04-23 20:25 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
    2014-04-23 19:32 - 2014-04-23 19:32 - 00050190 _____ () C:\Documents and Settings\Sid Bailey\My Documents\computer condition-0C81E70C58-4-23-14.txt
    2014-04-23 19:19 - 2014-04-23 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2014-04-23 11:01 - 2014-04-23 11:04 - 00011776 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
    2014-04-22 23:28 - 2014-04-22 23:28 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Nvidia Corporation
    2014-04-22 21:44 - 2014-04-22 21:44 - 00000564 _____ () C:\VEW.txt
    2014-04-22 21:28 - 2014-04-22 21:30 - 00048713 _____ () C:\Documents and Settings\Sid Bailey\Desktop\YOUR-0C81E70C58.txt
    2014-04-22 21:28 - 2014-04-22 21:29 - 00048739 _____ () C:\Documents and Settings\Sid Bailey\My Documents\YOUR-0C81E70C58.txt
    2014-04-22 21:20 - 2014-04-23 19:19 - 00000654 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2014-04-22 21:20 - 2014-04-23 19:19 - 00000000 ____D () C:\Program Files\Speccy
    2014-04-22 21:09 - 2014-04-22 21:09 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
    2014-04-22 20:52 - 2014-04-22 20:52 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-04-22 20:52 - 2014-04-22 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-04-22 20:51 - 2014-04-22 20:51 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-04-22 20:51 - 2014-04-22 20:51 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-04-22 20:51 - 2014-04-22 20:51 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-04-22 20:49 - 2014-04-22 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-04-22 20:18 - 2014-04-22 20:18 - 00061440 _____ ( ) C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
    2014-04-22 20:17 - 2014-04-22 20:17 - 04845384 _____ (Piriform Ltd) C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
    2014-04-22 20:11 - 2014-04-22 20:11 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
    2014-04-22 09:25 - 2014-04-22 09:28 - 88882192 _____ (AVAST Software) C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
    2014-04-21 08:27 - 2014-04-21 08:27 - 00000000 __SHD () C:\found.000
    2014-04-17 19:28 - 2014-04-17 19:28 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
    2014-04-17 19:11 - 2014-04-17 19:11 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
    2014-04-16 23:18 - 2014-04-16 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-16 23:18 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-16 23:18 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-16 23:18 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-16 23:18 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-16 23:18 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-16 23:17 - 2014-04-16 23:18 - 00005252 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-13 23:38 - 2014-04-30 13:27 - 00000000 ____D () C:\Program Files\PC Tune-Up
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000714 _____ () C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
    2014-04-13 23:17 - 2014-05-05 18:45 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-10 16:05 - 2014-04-10 16:05 - 00000276 _____ () C:\Documents and Settings\Sid Bailey\My Documents\zonealarm-info#2.txt
    2014-04-10 16:04 - 2014-04-10 16:04 - 00000132 _____ () C:\Documents and Settings\Sid Bailey\My Documents\zonealarm-info#1.txt
    2014-04-10 15:54 - 2014-04-10 15:54 - 00000000 _____ () C:\cookies.sqlite
    2014-04-10 15:37 - 2014-04-10 15:37 - 00000000 ____D () C:\12bdf20f60ec5535a09cbe
    2014-04-09 14:25 - 2014-04-09 14:25 - 00102048 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-04-09 14:24 - 2014-04-09 15:44 - 00001084 _____ () C:\WINDOWS\spupdsvc.log
    2014-04-09 14:18 - 2014-04-10 15:37 - 00000000 ____D () C:\f44a78990ffdc5e00561dc6ca7
    2014-04-09 10:07 - 2014-04-09 10:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
    2014-04-09 10:00 - 2014-04-09 10:01 - 00022001 _____ () C:\WINDOWS\KB2936068-IE8.log
    2014-04-09 06:09 - 2014-04-09 10:07 - 00013471 _____ () C:\WINDOWS\KB2922229.log

    ==================== One Month Modified Files and Folders =======

    2014-05-05 18:48 - 2014-05-05 18:48 - 00027200 _____ () C:\Documents and Settings\Sid Bailey\Desktop\FRST.txt
    2014-05-05 18:48 - 2014-05-05 18:48 - 00000000 ____D () C:\FRST
    2014-05-05 18:45 - 2014-04-13 23:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-05-05 18:03 - 2013-05-04 23:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-05 17:00 - 2014-05-05 17:00 - 00000741 _____ () C:\Documents and Settings\Sid Bailey\Desktop\JRT.txt
    2014-05-05 16:39 - 2005-01-09 21:10 - 01444446 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-05 16:39 - 2005-01-09 21:07 - 00000000 ____D () C:\WINDOWS\Registration
    2014-05-05 16:38 - 2014-03-28 19:35 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-05-05 16:38 - 2013-10-29 23:45 - 00000000 ____D () C:\Program Files\ZoneAlarmBackup
    2014-05-05 16:38 - 2013-07-18 23:15 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-05-05 16:38 - 2013-07-18 23:15 - 00000048 _____ () C:\WINDOWS\wiaservc.log
    2014-05-05 16:38 - 2005-01-09 21:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-05 16:37 - 2013-08-15 03:24 - 01054366 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
    2014-05-05 16:37 - 2013-08-15 03:24 - 00199078 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-05-05 16:37 - 2012-01-17 19:53 - 00000178 ___SH () C:\Documents and Settings\Sid Bailey\ntuser.ini
    2014-05-05 16:37 - 2005-01-09 21:19 - 00032594 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-05 16:29 - 2014-05-05 16:22 - 00000000 ____D () C:\AdwCleaner
    2014-05-05 16:24 - 2014-05-05 16:24 - 00004559 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner[S0].txt
    2014-05-05 16:23 - 2014-05-05 16:23 - 00004801 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner[R0].txt
    2014-05-05 16:17 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\LastPass
    2014-05-05 16:16 - 2014-05-05 16:16 - 01053184 _____ (Farbar) C:\Documents and Settings\Sid Bailey\Desktop\FRST.exe
    2014-05-05 16:15 - 2014-05-05 16:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
    2014-05-05 16:13 - 2014-05-05 16:13 - 01316991 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    2014-05-05 16:01 - 2012-01-24 16:07 - 00000974 _____ () C:\WINDOWS\MVPBR.INI
    2014-05-05 11:24 - 2012-01-17 17:07 - 00040978 _____ () C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
    2014-05-05 09:58 - 2014-05-05 09:58 - 00002062 _____ () C:\MBAM Quarantine5-5-14.txt
    2014-05-04 20:50 - 2014-05-04 20:44 - 00043520 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.txt
    2014-05-04 20:43 - 2013-11-01 14:39 - 00043520 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.wdb
    2014-05-04 18:14 - 2014-02-07 20:58 - 00005239 _____ () C:\WINDOWS\wmsetup.log
    2014-05-03 20:34 - 2005-01-09 21:26 - 00037872 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-05-03 20:31 - 2013-03-29 01:38 - 00177056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-05-03 11:03 - 2014-03-13 12:43 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Bulletins
    2014-05-02 10:15 - 2012-01-17 19:53 - 00000000 ____D () C:\Documents and Settings\Sid Bailey
    2014-05-02 10:00 - 2014-05-02 10:00 - 00006121 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 10:00 - 2014-02-13 11:15 - 00008942 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00073113 _____ () C:\WINDOWS\iis6.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00068010 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00032516 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00031031 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00022770 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00020644 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00013790 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00011913 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00007579 _____ () C:\WINDOWS\plusoc.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00004730 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003762 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003718 _____ () C:\WINDOWS\ehOCGen.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003421 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003399 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-05-02 10:00 - 2014-02-01 11:00 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-01 20:11 - 2014-05-01 20:11 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-05-01 20:11 - 2014-05-01 20:11 - 00001116 _____ () C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\LastPass_1730492534
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\LastPass
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
    2014-05-01 11:00 - 2014-05-01 11:00 - 00002059 _____ () C:\VEW5-1-14.txt
    2014-04-30 13:27 - 2014-04-13 23:38 - 00000000 ____D () C:\Program Files\PC Tune-Up
    2014-04-30 13:27 - 2005-01-09 21:19 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-04-30 13:27 - 2005-01-09 21:19 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-04-30 11:08 - 2014-04-30 11:08 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
    2014-04-30 10:50 - 2014-04-30 10:50 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
    2014-04-30 10:46 - 2014-04-30 10:46 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
    2014-04-30 10:39 - 2014-03-04 16:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-04-30 04:13 - 2012-01-17 18:22 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-30 04:13 - 2010-04-16 12:09 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-29 21:37 - 2014-04-29 21:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-04-29 03:03 - 2012-04-11 09:01 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-04-29 03:03 - 2012-01-19 21:20 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-04-28 15:21 - 2014-04-28 15:21 - 00011023 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland..xls
    2014-04-28 15:20 - 2014-04-28 15:20 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
    2014-04-26 11:02 - 2014-03-31 15:01 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
    2014-04-26 01:05 - 2013-11-11 02:05 - 00000018 _____ () C:\UserName.ini
    2014-04-25 20:33 - 2014-04-25 20:33 - 00011354 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Expense Report for Tree of Lights 2013.xls
    2014-04-25 20:31 - 2014-04-25 19:44 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\SSB
    2014-04-25 20:28 - 2014-04-25 20:28 - 00014213 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Income & Expense Report.xls
    2014-04-25 20:27 - 2014-04-25 20:27 - 00013076 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Donor List.xls
    2014-04-25 20:25 - 2014-04-25 20:25 - 00011409 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2012 Mem tree expenses.xls
    2014-04-25 20:23 - 2014-04-25 20:23 - 00013732 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Income & Expense Report 2012.xls
    2014-04-25 20:22 - 2014-04-25 20:22 - 00013956 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory tree deposit 12-24-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00015032 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 12-17-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00013812 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-16-13.xls
    2014-04-25 20:20 - 2014-04-25 20:20 - 00013789 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-7-13.xls
    2014-04-25 20:17 - 2014-04-25 20:17 - 00014162 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Deposit 12-23-13.xls
    2014-04-25 20:07 - 2014-04-25 19:35 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Financial
    2014-04-25 19:49 - 2014-04-25 19:49 - 00000617 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
    2014-04-25 19:45 - 2014-04-25 19:43 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\MOB
    2014-04-25 19:39 - 2014-04-25 19:36 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\Church Related
    2014-04-25 16:21 - 2014-04-25 16:21 - 00053248 _____ () C:\WINDOWS\system32\zlib.dll
    2014-04-24 08:22 - 2005-01-09 12:50 - 00000000 ____D () C:\WINDOWS\Resources
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000865 _____ () C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Program Files\Foolish IT
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT
    2014-04-23 20:44 - 2012-05-22 19:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
    2014-04-23 20:44 - 2012-05-22 19:53 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
    2014-04-23 20:42 - 2013-12-06 22:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
    2014-04-23 20:42 - 2013-12-06 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate
    2014-04-23 20:33 - 2014-04-23 20:33 - 00001632 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
    2014-04-23 20:33 - 2014-01-29 22:26 - 00000000 ____D () C:\Program Files\FileHippo.com
    2014-04-23 20:25 - 2014-04-23 20:25 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
    2014-04-23 19:47 - 2014-02-02 12:38 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-04-23 19:32 - 2014-04-23 19:32 - 00050190 _____ () C:\Documents and Settings\Sid Bailey\My Documents\computer condition-0C81E70C58-4-23-14.txt
    2014-04-23 19:20 - 2014-02-02 00:29 - 00030869 _____ () C:\WINDOWS\setupapi.log
    2014-04-23 19:19 - 2014-04-23 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2014-04-23 19:19 - 2014-04-22 21:20 - 00000654 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2014-04-23 19:19 - 2014-04-22 21:20 - 00000000 ____D () C:\Program Files\Speccy
    2014-04-23 16:06 - 2014-02-01 20:54 - 00000221 _____ () C:\WINDOWS\setupact.log
    2014-04-23 11:04 - 2014-04-23 11:01 - 00011776 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
    2014-04-22 23:28 - 2014-04-22 23:28 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Nvidia Corporation
    2014-04-22 23:27 - 2013-09-21 12:00 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\NVIDIA
    2014-04-22 23:23 - 2013-09-21 11:55 - 00001000 _____ () C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
    2014-04-22 23:23 - 2012-01-17 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    2014-04-22 23:22 - 2012-01-17 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA
    2014-04-22 23:20 - 2012-01-17 17:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-04-22 21:44 - 2014-04-22 21:44 - 00000564 _____ () C:\VEW.txt
    2014-04-22 21:30 - 2014-04-22 21:28 - 00048713 _____ () C:\Documents and Settings\Sid Bailey\Desktop\YOUR-0C81E70C58.txt
    2014-04-22 21:29 - 2014-04-22 21:28 - 00048739 _____ () C:\Documents and Settings\Sid Bailey\My Documents\YOUR-0C81E70C58.txt
    2014-04-22 21:09 - 2014-04-22 21:09 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
    2014-04-22 20:52 - 2014-04-22 20:52 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-04-22 20:52 - 2014-04-22 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-04-22 20:51 - 2014-04-22 20:51 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-04-22 20:51 - 2014-04-22 20:51 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-04-22 20:51 - 2014-04-22 20:51 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-04-22 20:49 - 2014-04-22 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-04-22 20:29 - 2012-02-11 13:10 - 00000000 ____D () C:\Program Files\CheckPoint
    2014-04-22 20:18 - 2014-04-22 20:18 - 00061440 _____ ( ) C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
    2014-04-22 20:17 - 2014-04-22 20:17 - 04845384 _____ (Piriform Ltd) C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
    2014-04-22 20:11 - 2014-04-22 20:11 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
    2014-04-22 15:49 - 2014-01-17 13:19 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Computer specs New 1-17-14.xlr
    2014-04-22 09:28 - 2014-04-22 09:25 - 88882192 _____ (AVAST Software) C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
    2014-04-21 16:34 - 2005-01-09 13:00 - 00603718 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-04-21 08:27 - 2014-04-21 08:27 - 00000000 __SHD () C:\found.000
    2014-04-19 11:37 - 2012-05-22 19:52 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Adobe
    2014-04-17 19:28 - 2014-04-17 19:28 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
    2014-04-17 19:11 - 2014-04-17 19:11 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
    2014-04-16 23:18 - 2014-04-16 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-16 23:18 - 2014-04-16 23:17 - 00005252 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-16 23:18 - 2013-03-28 23:40 - 00000000 ____D () C:\Program Files\Java
    2014-04-14 20:13 - 2014-04-16 23:18 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-14 20:05 - 2014-04-16 23:18 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-14 20:05 - 2014-04-16 23:18 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-14 20:04 - 2014-04-16 23:18 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-14 19:47 - 2014-04-16 23:18 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000714 _____ () C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-13 23:17 - 2013-11-21 21:53 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-13 23:17 - 2013-11-21 21:53 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\Malwarebytes
    2014-04-13 23:17 - 2013-11-21 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-04-10 16:05 - 2014-04-10 16:05 - 00000276 _____ () C:\Documents and Settings\Sid Bailey\My Documents\zonealarm-info#2.txt
    2014-04-10 16:04 - 2014-04-10 16:04 - 00000132 _____ () C:\Documents and Settings\Sid Bailey\My Documents\zonealarm-info#1.txt
    2014-04-10 15:54 - 2014-04-10 15:54 - 00000000 _____ () C:\cookies.sqlite
    2014-04-10 15:37 - 2014-04-10 15:37 - 00000000 ____D () C:\12bdf20f60ec5535a09cbe
    2014-04-10 15:37 - 2014-04-09 14:18 - 00000000 ____D () C:\f44a78990ffdc5e00561dc6ca7
    2014-04-09 16:21 - 2005-01-09 21:06 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2014-04-09 15:44 - 2014-04-09 14:24 - 00001084 _____ () C:\WINDOWS\spupdsvc.log
    2014-04-09 14:25 - 2014-04-09 14:25 - 00102048 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-04-09 14:24 - 2012-02-01 20:00 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
    2014-04-09 10:07 - 2014-04-09 10:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
    2014-04-09 10:07 - 2014-04-09 06:09 - 00013471 _____ () C:\WINDOWS\KB2922229.log
    2014-04-09 10:07 - 2013-08-15 03:04 - 00001355 _____ () C:\WINDOWS\imsins.BAK
    2014-04-09 10:07 - 2013-07-19 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-04-09 10:01 - 2014-04-09 10:00 - 00022001 _____ () C:\WINDOWS\KB2936068-IE8.log
    2014-04-09 10:01 - 2012-01-17 19:41 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-04-08 16:24 - 2014-03-28 19:35 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-04-07 13:10 - 2013-02-07 12:33 - 00012800 _____ () C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Sid Bailey\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Sid Bailey\Local Settings\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-05-2014 02
    Ran by Sid Bailey at 2014-05-05 18:49:25
    Running from C:\Documents and Settings\Sid Bailey\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.1.0 - Auslogics Labs Pty Ltd)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
    Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG2200 series User Registration (HKLM\...\Canon MG2200 series User Registration) (Version:  - Canon Inc.‎)
    Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    Card Games for Windows (HKLM\...\Card Games for Windows) (Version:  - )
    CryptoPrevent v4.3.2 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 29.0 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0 (x86 en-US)) (Version: 29.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version:  - )
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
    NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
    NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
    NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
    OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    PC Tune-Up (HKLM\...\PC Tune-Up) (Version: 2.2.0.1 - Large Software)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
    ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013 (HKLM\...\ZoneAlarm Backup Powered by IDrive_is1) (Version: 1.0.5 - ProSoftnet Corp)
    ZoneAlarm DataLock (Version: 11.0.000.020 - Check Point Software Technologies Ltd.) Hidden

    ==================== Restore Points  =========================

    05-02-2014 18:57:13 System Checkpoint
    06-02-2014 19:03:51 System Checkpoint
    07-02-2014 20:42:48 System Checkpoint
    08-02-2014 23:16:34 System Checkpoint
    10-02-2014 01:30:07 System Checkpoint
    11-02-2014 04:26:10 System Checkpoint
    12-02-2014 04:26:16 System Checkpoint
    13-02-2014 06:04:21 System Checkpoint
    13-02-2014 15:00:21 Software Distribution Service 3.0
    14-02-2014 19:29:33 System Checkpoint
    15-02-2014 23:50:12 System Checkpoint
    17-02-2014 02:36:52 System Checkpoint
    18-02-2014 04:53:57 System Checkpoint
    19-02-2014 18:20:56 System Checkpoint
    19-02-2014 20:35:08 Software Distribution Service 3.0
    21-02-2014 06:47:41 System Checkpoint
    22-02-2014 07:50:47 System Checkpoint
    23-02-2014 19:10:56 System Checkpoint
    24-02-2014 20:04:39 System Checkpoint
    26-02-2014 03:27:19 System Checkpoint
    27-02-2014 04:14:15 System Checkpoint
    01-03-2014 03:31:11 System Checkpoint
    02-03-2014 06:30:19 System Checkpoint
    03-03-2014 07:53:45 System Checkpoint
    04-03-2014 18:26:45 System Checkpoint
    05-03-2014 23:00:03 System Checkpoint
    06-03-2014 23:11:04 System Checkpoint
    08-03-2014 07:50:28 System Checkpoint
    09-03-2014 09:06:27 System Checkpoint
    10-03-2014 22:04:23 System Checkpoint
    12-03-2014 01:44:15 System Checkpoint
    13-03-2014 04:06:13 System Checkpoint
    13-03-2014 14:00:14 Software Distribution Service 3.0
    14-03-2014 14:00:15 Software Distribution Service 3.0
    16-03-2014 02:06:46 System Checkpoint
    17-03-2014 06:54:41 System Checkpoint
    19-03-2014 05:48:32 System Checkpoint
    19-03-2014 14:00:14 Software Distribution Service 3.0
    20-03-2014 21:37:39 System Checkpoint
    22-03-2014 05:57:05 System Checkpoint
    23-03-2014 07:05:21 System Checkpoint
    24-03-2014 08:16:40 System Checkpoint
    26-03-2014 05:00:42 System Checkpoint
    27-03-2014 06:46:53 System Checkpoint
    27-03-2014 14:00:19 Software Distribution Service 3.0
    28-03-2014 20:44:08 System Checkpoint
    30-03-2014 04:57:00 System Checkpoint
    31-03-2014 06:44:45 System Checkpoint
    02-04-2014 05:27:17 System Checkpoint
    03-04-2014 21:49:11 System Checkpoint
    05-04-2014 03:02:41 System Checkpoint
    06-04-2014 05:05:05 System Checkpoint
    07-04-2014 07:04:39 System Checkpoint
    08-04-2014 17:59:55 System Checkpoint
    09-04-2014 14:00:26 Software Distribution Service 3.0
    09-04-2014 18:23:58 Installed Windows KB954550-v5.
    09-04-2014 18:24:06 Printer Driver Microsoft XPS Document Writer Installed
    09-04-2014 18:24:16 Printer Driver Microsoft XPS Document Writer Installed
    09-04-2014 23:50:43 Restore Operation
    10-04-2014 19:46:04 Restore Operation
    12-04-2014 06:47:58 System Checkpoint
    14-04-2014 04:51:24 System Checkpoint
    15-04-2014 05:25:49 System Checkpoint
    16-04-2014 05:30:56 System Checkpoint
    17-04-2014 03:17:43 Installed Java 7 Update 55
    18-04-2014 05:35:55 System Checkpoint
    19-04-2014 07:03:57 System Checkpoint
    20-04-2014 10:08:08 System Checkpoint
    21-04-2014 11:00:39 System Checkpoint
    22-04-2014 11:02:46 System Checkpoint
    23-04-2014 00:51:01 avast! antivirus system restore point
    24-04-2014 03:54:19 System Checkpoint
    25-04-2014 04:52:00 System Checkpoint
    26-04-2014 08:49:56 System Checkpoint
    27-04-2014 08:59:27 System Checkpoint
    28-04-2014 11:35:55 System Checkpoint
    29-04-2014 12:27:56 System Checkpoint
    30-04-2014 15:49:21 System Checkpoint
    01-05-2014 21:46:01 System Checkpoint
    02-05-2014 14:00:14 Software Distribution Service 3.0
    03-05-2014 17:34:05 System Checkpoint
    04-05-2014 18:07:39 System Checkpoint
    05-05-2014 21:26:48 System Checkpoint

    ==================== Hosts content: ==========================

    2012-01-17 18:21 - 2014-03-13 20:19 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-05-05 14:12 - 2014-05-05 14:12 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14050501\algo.dll
    2014-04-22 20:51 - 2014-04-22 20:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2005-01-09 19:48 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2005-01-09 19:48 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2012-01-17 18:21 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2012-01-17 18:22 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2013-12-06 22:04 - 2014-04-22 14:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    2012-07-03 18:29 - 2011-12-07 18:31 - 00303360 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    2012-07-03 18:29 - 2011-08-18 11:22 - 00323584 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============

    Name: Kaspersky Anti-Virus NDIS Miniport
    Description: Kaspersky Anti-Virus NDIS Miniport
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Kaspersky Lab
    Service: klim5
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: NETGEAR WNA3100 N300 Wireless USB Adapter - Kaspersky Anti-Virus NDIS Miniport
    Description: Kaspersky Anti-Virus NDIS Miniport
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Kaspersky Lab
    Service: klim5
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
    Description: Kaspersky Anti-Virus NDIS Miniport
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Kaspersky Lab
    Service: klim5
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/24/2014 09:28:25 PM) (Source: crypt32) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....152A41D829C.crt> with error: This operation returned because the timeout period expired.

    Error: (04/23/2014 08:24:56 PM) (Source: crypt32) (User: )
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....64251B18118.crt> with error: This operation returned because the timeout period expired.


    System errors:
    =============
    Error: (05/05/2014 04:39:27 PM) (Source: Service Control Manager) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (05/05/2014 04:27:36 PM) (Source: Service Control Manager) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (05/05/2014 04:24:21 PM) (Source: Service Control Manager) (User: )
    Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/05/2014 04:24:21 PM) (Source: Service Control Manager) (User: )
    Description: The WSWNA3100 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/05/2014 04:24:21 PM) (Source: Service Control Manager) (User: )
    Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/05/2014 04:24:21 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (05/05/2014 04:24:21 PM) (Source: Service Control Manager) (User: )
    Description: The Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/05/2014 04:24:13 PM) (Source: Service Control Manager) (User: )
    Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/05/2014 04:24:13 PM) (Source: Service Control Manager) (User: )
    Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (05/05/2014 04:24:13 PM) (Source: Service Control Manager) (User: )
    Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (04/24/2014 09:28:25 PM) (Source: crypt32)(User: )
    Description: http://www.download....41D829C.crtThis operation returned because the timeout period expired.

    Error: (04/23/2014 08:24:56 PM) (Source: crypt32)(User: )
    Description: http://www.download....1B18118.crtThis operation returned because the timeout period expired.


    ==================== Memory info ===========================

    Percentage of memory in use: 52%
    Total physical RAM: 1406.42 MB
    Available physical RAM: 672.12 MB
    Total Pagefile: 5350.43 MB
    Available Pagefile: 4713.46 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1957.93 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:139.04 GB) (Free:114.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: 14CB14CB)
    Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
    Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

     

    Avast was turned off during the scans by FRST, JRT, & AdwC, but Malwarebytes was still enabled.

    Sid


    Edited by oldrailroadgeek, 05 May 2014 - 05:16 PM.

    • 0

    #4
    oldrailroadgeek

      Member

    • Topic Starter
    • 83 posts

    RKinner,

       I have WinPatrol installed, and in the morning after I quarantine the "MySearchdial" on the MBAM report, a pop-up by WinPatrol informs me that a program is attempting to change my search engine to Google.  Click decline change if not OK; which I click decline.  I don't know if this tells you anything important.

    Sid


    • 0

    #5
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    Appears I lost your reply.

     

    No reason not to let it change your search to Google.  WinPatrol doesn't like changes, so even a good change is suspect.

     

    Run AdwCleaner again and let's see if it found anything new.


    • 0

    #6
    oldrailroadgeek

      Member

    • Topic Starter
    • 83 posts

    RKinner,

          The other logs you requested for the Junk Removal Tool and the Farbar are in reply #3 of this topic.  I reran the AdwC and here are the logs from today's run.

     

     

    # AdwCleaner v3.208 - Report created 12/05/2014 at 20:42:14
    # Updated 11/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Sid Bailey - YOUR-0C81E70C58
    # Running from : C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\prefs.js ]


    [ File : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R1].txt - [1583 octets] - [12/05/2014 20:41:13]
    AdwCleaner[S1].txt - [1123 octets] - [12/05/2014 20:42:14]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1183 octets] ##########

     

    # AdwCleaner v3.208 - Report created 12/05/2014 at 20:41:13
    # Updated 11/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Sid Bailey - YOUR-0C81E70C58
    # Running from : C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites05_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0AzzyEtC0F0EyBtByBtN0D0Tzu0SzzyEyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzzyB0B0D0C0A0EtGzytAyCtAtG0FtA0A0AtGyEyD0CtDtGtDyByDtBtD0C0CyDtD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0FtC0D0DyE0CtGyB0AyBtCtGtByC0C0AtGtC0E0B0CtGtD0EzzyCtC0CtCtB0CyByDyB2Q&cr=185964165&ir=

    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z76aiey7.default\prefs.js ]


    [ File : C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R1].txt - [1443 octets] - [12/05/2014 20:41:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1503 octets] ##########

     

    When the scan finished, there were no items listed in the box of items to be removed.

    Sid


     


    • 0

    #7
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP
    Download the attached fixlist.txt to the same location as FRST
    Stop your anti-virus and WinPatrol
    Run FRST and press Fix
    A fix log will be generated; please post that. Then you should be able to boot into regular mode.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

    • 1

    #8
    oldrailroadgeek

      Member

    • Topic Starter
    • Member
    • PipPip
    • 83 posts

    RKinner,

         I noticed on the first run of AdwC on 5/5 that the report says line deleted for MySearchDial, but in my overnight scan by Malwarebytes it came up as an item to be quarantined, "MySearchDial.A", which I again quarantined.  That may be the item trying to change my search engine to Google, which engine I do not like.  I prefer Bing.

    Sid


    Edited by oldrailroadgeek, 12 May 2014 - 07:23 PM.

    • 0

    #9
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    Tell you what.  Since you have Avast let it do a full boot-time scan tonight while you sleep:

     

     
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads, click on the Orange Ball, then Scan, then Scan History (at the bottom of the page).  Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

    • 1

    #10
    oldrailroadgeek

      Member

    • Topic Starter
    • Member
    • PipPip
    • 83 posts

    RKinner,

       Here are the logs for the FRST Fixlist run and the Avast boot-time scan

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
    Ran by Sid Bailey at 2014-05-12 23:36:52 Run:1
    Running from C:\Documents and Settings\Sid Bailey\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=185964165&ir=
    SearchScopes: HKLM - DefaultScope value is missing.
    Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    S0 ifxqgb; System32\drivers\lcmjpwf.sys [X]
    U4 intelppm;
    U1 WS2IFSL;
    System32\drivers\lcmjpwf.sys

    *****************

    HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
    HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
    ifxqgb => Service deleted successfully.
    intelppm => Service deleted successfully.
    WS2IFSL => Service deleted successfully.

    ==== End of Fixlog ====

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
    Ran by Sid Bailey (administrator) on YOUR-0C81E70C58 on 12-05-2014 23:39:46
    Running from C:\Documents and Settings\Sid Bailey\Desktop
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
    (Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Pro Softnet Corp.) C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
    () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    (Pro Softnet Corporation) C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Pro Softnet Corp.) C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-06] (Microsoft Corporation)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2012-01-17] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2012-01-17] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [108352 2012-05-15] (NVIDIA Corporation)
    HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
    HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *‮* <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Run: [ZoneAlarm Backup Startup] => C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe [177680 2010-03-11] (Pro Softnet Corporation)
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\S-1-5-21-1576569892-3062952477-2378348150-1006\...\Policies\Explorer: [NoInternetOpenWith] 1
    Lsa: [Authentication Packages] msv1_0 nwprovau
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk
    ShortcutTarget: ZoneAlarm Backup Tray.lnk -> C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKCU - {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: LastPass - C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\Extensions\[email protected] [2014-05-01]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-22]

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
    CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Docs) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-15]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-15]
    CHR Extension: (YouTube) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-15]
    CHR Extension: (Google Search) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-15]
    CHR Extension: (Gmail) - C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-15]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-06] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
    R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
    R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
    R2 ZoneAlarmBackup Service; C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe [149008 2010-03-11] (Pro Softnet Corporation)
    S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation)
    R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-22] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-22] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-22] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-22] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
    S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
    S3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-12] (Malwarebytes Corporation)
    S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
    S3 NPF; C:\WINDOWS\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
    R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
    R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
    R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
    R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
    R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
    R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
    R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
    S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
    S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2013-09-10] ()
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    2014-05-12 23:39 - 2014-05-12 23:40 - 00026381 _____ () C:\Documents and Settings\Sid Bailey\Desktop\FRST.txt
    2014-05-12 23:36 - 2014-05-12 23:36 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Desktop\FRST-OlderVersion
    2014-05-12 20:37 - 2014-05-12 20:38 - 01325827 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    2014-05-12 20:23 - 2014-05-12 20:42 - 00000000 ____D () C:\AdwCleaner
    2014-05-11 19:10 - 2014-05-11 19:10 - 00001505 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Prunella Cake.txt
    2014-05-11 16:05 - 2014-05-11 16:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-05-11 14:05 - 2014-05-11 14:33 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Healthcare letter 5-10-2014 App2.wps
    2014-05-11 09:47 - 2014-05-11 09:47 - 00010240 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Healthcare letter 5-10-2014.wps
    2014-05-09 11:27 - 2014-05-09 11:27 - 00011018 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCo..xls
    2014-05-09 11:26 - 2014-05-09 11:26 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCo.xlr
    2014-05-05 18:48 - 2014-05-12 23:39 - 00000000 ____D () C:\FRST
    2014-05-05 16:16 - 2014-05-12 23:36 - 01056256 _____ (Farbar) C:\Documents and Settings\Sid Bailey\Desktop\FRST.exe
    2014-05-05 16:15 - 2014-05-05 16:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
    2014-05-05 09:58 - 2014-05-05 09:58 - 00002062 _____ () C:\MBAM Quarantine5-5-14.txt
    2014-05-04 20:44 - 2014-05-04 20:50 - 00043520 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.txt
    2014-05-02 10:00 - 2014-05-02 10:00 - 00006121 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-01 20:11 - 2014-05-12 23:28 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\LastPass
    2014-05-01 20:11 - 2014-05-01 20:11 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-05-01 20:11 - 2014-05-01 20:11 - 00001116 _____ () C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\LastPass_1730492534
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\LastPass
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
    2014-05-01 11:00 - 2014-05-01 11:00 - 00002059 _____ () C:\VEW5-1-14.txt
    2014-04-30 11:08 - 2014-04-30 11:08 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
    2014-04-30 10:50 - 2014-04-30 10:50 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
    2014-04-30 10:46 - 2014-04-30 10:46 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
    2014-04-28 15:21 - 2014-04-28 15:21 - 00011023 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland..xls
    2014-04-28 15:20 - 2014-04-28 15:20 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
    2014-04-25 20:33 - 2014-04-25 20:33 - 00011354 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Expense Report for Tree of Lights 2013.xls
    2014-04-25 20:28 - 2014-04-25 20:28 - 00014213 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Income & Expense Report.xls
    2014-04-25 20:27 - 2014-04-25 20:27 - 00013076 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Donor List.xls
    2014-04-25 20:25 - 2014-04-25 20:25 - 00011409 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2012 Mem tree expenses.xls
    2014-04-25 20:23 - 2014-04-25 20:23 - 00013732 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Income & Expense Report 2012.xls
    2014-04-25 20:22 - 2014-04-25 20:22 - 00013956 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory tree deposit 12-24-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00015032 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 12-17-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00013812 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-16-13.xls
    2014-04-25 20:20 - 2014-04-25 20:20 - 00013789 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-7-13.xls
    2014-04-25 20:17 - 2014-04-25 20:17 - 00014162 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Deposit 12-23-13.xls
    2014-04-25 19:49 - 2014-04-25 19:49 - 00000617 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
    2014-04-25 19:44 - 2014-04-25 20:31 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\SSB
    2014-04-25 19:43 - 2014-04-25 19:45 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\MOB
    2014-04-25 19:36 - 2014-04-25 19:39 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\Church Related
    2014-04-25 19:35 - 2014-04-25 20:07 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Financial
    2014-04-25 16:21 - 2014-04-25 16:21 - 00053248 _____ () C:\WINDOWS\system32\zlib.dll
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000865 _____ () C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Program Files\Foolish IT
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT
    2014-04-23 20:33 - 2014-04-23 20:33 - 00001632 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
    2014-04-23 20:25 - 2014-04-23 20:25 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
    2014-04-23 19:32 - 2014-04-23 19:32 - 00050190 _____ () C:\Documents and Settings\Sid Bailey\My Documents\computer condition-0C81E70C58-4-23-14.txt
    2014-04-23 19:19 - 2014-04-23 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2014-04-23 11:01 - 2014-04-23 11:04 - 00011776 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
    2014-04-22 23:28 - 2014-04-22 23:28 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Nvidia Corporation
    2014-04-22 21:44 - 2014-04-22 21:44 - 00000564 _____ () C:\VEW.txt
    2014-04-22 21:28 - 2014-04-22 21:30 - 00048713 _____ () C:\Documents and Settings\Sid Bailey\Desktop\YOUR-0C81E70C58.txt
    2014-04-22 21:28 - 2014-04-22 21:29 - 00048739 _____ () C:\Documents and Settings\Sid Bailey\My Documents\YOUR-0C81E70C58.txt
    2014-04-22 21:20 - 2014-04-23 19:19 - 00000654 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2014-04-22 21:20 - 2014-04-23 19:19 - 00000000 ____D () C:\Program Files\Speccy
    2014-04-22 21:09 - 2014-04-22 21:09 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
    2014-04-22 20:52 - 2014-04-22 20:52 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-04-22 20:52 - 2014-04-22 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-04-22 20:51 - 2014-04-22 20:51 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-04-22 20:51 - 2014-04-22 20:51 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-04-22 20:51 - 2014-04-22 20:51 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-04-22 20:49 - 2014-04-22 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-04-22 20:18 - 2014-04-22 20:18 - 00061440 _____ ( ) C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
    2014-04-22 20:17 - 2014-04-22 20:17 - 04845384 _____ (Piriform Ltd) C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
    2014-04-22 20:11 - 2014-04-22 20:11 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
    2014-04-22 09:25 - 2014-04-22 09:28 - 88882192 _____ (AVAST Software) C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
    2014-04-21 08:27 - 2014-04-21 08:27 - 00000000 __SHD () C:\found.000
    2014-04-17 19:28 - 2014-04-17 19:28 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
    2014-04-17 19:11 - 2014-05-06 11:40 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
    2014-04-16 23:18 - 2014-04-16 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-16 23:18 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-16 23:18 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-16 23:18 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-16 23:18 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-16 23:18 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-16 23:17 - 2014-04-16 23:18 - 00005252 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-13 23:38 - 2014-04-30 13:27 - 00000000 ____D () C:\Program Files\PC Tune-Up
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000714 _____ () C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
    2014-04-13 23:17 - 2014-05-12 23:40 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

    ==================== One Month Modified Files and Folders =======

    2014-05-12 23:40 - 2014-05-12 23:39 - 00026381 _____ () C:\Documents and Settings\Sid Bailey\Desktop\FRST.txt
    2014-05-12 23:40 - 2014-04-13 23:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-05-12 23:39 - 2014-05-05 18:48 - 00000000 ____D () C:\FRST
    2014-05-12 23:36 - 2014-05-12 23:36 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Desktop\FRST-OlderVersion
    2014-05-12 23:36 - 2014-05-05 16:16 - 01056256 _____ (Farbar) C:\Documents and Settings\Sid Bailey\Desktop\FRST.exe
    2014-05-12 23:35 - 2013-12-06 22:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
    2014-05-12 23:34 - 2013-12-06 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\InstallMate
    2014-05-12 23:28 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\LastPass
    2014-05-12 23:03 - 2013-05-04 23:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-12 21:49 - 2013-07-18 23:15 - 00000230 _____ () C:\WINDOWS\wiadebug.log
    2014-05-12 21:06 - 2005-01-09 21:10 - 01541507 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-12 20:43 - 2014-03-28 19:35 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2014-05-12 20:43 - 2013-10-29 23:45 - 00000000 ____D () C:\Program Files\ZoneAlarmBackup
    2014-05-12 20:43 - 2013-07-18 23:15 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-05-12 20:43 - 2005-01-09 21:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-12 20:43 - 2005-01-09 21:07 - 00000000 ____D () C:\WINDOWS\Registration
    2014-05-12 20:42 - 2014-05-12 20:23 - 00000000 ____D () C:\AdwCleaner
    2014-05-12 20:42 - 2012-01-17 19:53 - 00000178 ___SH () C:\Documents and Settings\Sid Bailey\ntuser.ini
    2014-05-12 20:42 - 2005-01-09 21:19 - 00032594 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-12 20:38 - 2014-05-12 20:37 - 01325827 _____ () C:\Documents and Settings\Sid Bailey\Desktop\AdwCleaner(2).exe
    2014-05-12 19:48 - 2014-03-04 16:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-05-12 10:52 - 2012-01-24 16:07 - 00000974 _____ () C:\WINDOWS\MVPBR.INI
    2014-05-11 19:10 - 2014-05-11 19:10 - 00001505 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Prunella Cake.txt
    2014-05-11 18:09 - 2014-02-07 20:58 - 00006045 _____ () C:\WINDOWS\wmsetup.log
    2014-05-11 16:05 - 2014-05-11 16:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-05-11 14:33 - 2014-05-11 14:05 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Healthcare letter 5-10-2014 App2.wps
    2014-05-11 14:33 - 2012-01-17 17:07 - 00041062 _____ () C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
    2014-05-11 09:47 - 2014-05-11 09:47 - 00010240 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Healthcare letter 5-10-2014.wps
    2014-05-11 08:14 - 2014-02-02 00:29 - 00043543 _____ () C:\WINDOWS\setupapi.log
    2014-05-11 08:13 - 2014-02-01 20:54 - 00000262 _____ () C:\WINDOWS\setupact.log
    2014-05-11 08:04 - 2005-01-09 19:48 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-09 20:35 - 2013-08-15 03:24 - 01054366 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
    2014-05-09 20:35 - 2013-08-15 03:24 - 00199078 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2014-05-09 20:35 - 2012-01-17 19:53 - 00000000 ____D () C:\Documents and Settings\Sid Bailey
    2014-05-09 11:27 - 2014-05-09 11:27 - 00011018 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCo..xls
    2014-05-09 11:26 - 2014-05-09 11:26 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check APCo.xlr
    2014-05-09 11:11 - 2014-03-13 12:43 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Bulletins
    2014-05-08 15:00 - 2014-03-28 19:35 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2014-05-07 11:17 - 2013-02-07 12:33 - 00015872 _____ () C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
    2014-05-06 11:52 - 2014-03-06 16:31 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-County PSD.wps
    2014-05-06 11:43 - 2014-03-04 11:28 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Town of Iaeger.wps
    2014-05-06 11:42 - 2014-03-04 11:34 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-WV Conference Treasurer.wps
    2014-05-06 11:40 - 2014-04-17 19:11 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
    2014-05-06 11:38 - 2014-04-04 13:45 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
    2014-05-06 11:36 - 2014-03-31 15:25 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Town of Iaeger.xlr
    2014-05-05 16:15 - 2014-05-05 16:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\Sid Bailey\Desktop\JRT.exe
    2014-05-05 09:58 - 2014-05-05 09:58 - 00002062 _____ () C:\MBAM Quarantine5-5-14.txt
    2014-05-04 20:50 - 2014-05-04 20:44 - 00043520 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.txt
    2014-05-04 20:43 - 2013-11-01 14:39 - 00043520 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Roast Cornish Hens.wdb
    2014-05-03 20:34 - 2005-01-09 21:26 - 00037872 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-05-03 20:31 - 2013-03-29 01:38 - 00177056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-05-02 10:00 - 2014-05-02 10:00 - 00006121 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 10:00 - 2014-02-13 11:15 - 00008942 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00073113 _____ () C:\WINDOWS\iis6.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00068010 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00032516 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00031031 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00022770 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00020644 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00013790 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00011913 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00007579 _____ () C:\WINDOWS\plusoc.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00004730 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003762 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003718 _____ () C:\WINDOWS\ehOCGen.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003421 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00003399 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 10:00 - 2014-02-13 11:11 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-05-02 10:00 - 2014-02-01 11:00 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-01 20:11 - 2014-05-01 20:11 - 11211264 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
    2014-05-01 20:11 - 2014-05-01 20:11 - 00001116 _____ () C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\LastPass_1730492534
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\LastPass
    2014-05-01 20:11 - 2014-05-01 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
    2014-05-01 11:00 - 2014-05-01 11:00 - 00002059 _____ () C:\VEW5-1-14.txt
    2014-04-30 13:27 - 2014-04-13 23:38 - 00000000 ____D () C:\Program Files\PC Tune-Up
    2014-04-30 13:27 - 2005-01-09 21:19 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-04-30 13:27 - 2005-01-09 21:19 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2014-04-30 11:08 - 2014-04-30 11:08 - 00014848 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
    2014-04-30 10:50 - 2014-04-30 10:50 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
    2014-04-30 10:46 - 2014-04-30 10:46 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
    2014-04-30 04:13 - 2012-01-17 18:22 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-30 04:13 - 2010-04-16 12:09 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-29 03:03 - 2012-04-11 09:01 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-04-29 03:03 - 2012-01-19 21:20 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-04-28 15:21 - 2014-04-28 15:21 - 00011023 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland..xls
    2014-04-28 15:20 - 2014-04-28 15:20 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
    2014-04-26 11:02 - 2014-03-31 15:01 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
    2014-04-26 01:05 - 2013-11-11 02:05 - 00000018 _____ () C:\UserName.ini
    2014-04-25 20:33 - 2014-04-25 20:33 - 00011354 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Expense Report for Tree of Lights 2013.xls
    2014-04-25 20:31 - 2014-04-25 19:44 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\SSB
    2014-04-25 20:28 - 2014-04-25 20:28 - 00014213 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Income & Expense Report.xls
    2014-04-25 20:27 - 2014-04-25 20:27 - 00013076 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2013 Memory Tree Donor List.xls
    2014-04-25 20:25 - 2014-04-25 20:25 - 00011409 _____ () C:\Documents and Settings\Sid Bailey\My Documents\2012 Mem tree expenses.xls
    2014-04-25 20:23 - 2014-04-25 20:23 - 00013732 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Income & Expense Report 2012.xls
    2014-04-25 20:22 - 2014-04-25 20:22 - 00013956 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory tree deposit 12-24-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00015032 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 12-17-12.xls
    2014-04-25 20:21 - 2014-04-25 20:21 - 00013812 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-16-13.xls
    2014-04-25 20:20 - 2014-04-25 20:20 - 00013789 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree Deposit 1-7-13.xls
    2014-04-25 20:17 - 2014-04-25 20:17 - 00014162 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Memory Tree 2013 Deposit 12-23-13.xls
    2014-04-25 20:07 - 2014-04-25 19:35 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Financial
    2014-04-25 19:49 - 2014-04-25 19:49 - 00000617 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
    2014-04-25 19:45 - 2014-04-25 19:43 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\MOB
    2014-04-25 19:39 - 2014-04-25 19:36 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\My Documents\Church Related
    2014-04-25 16:21 - 2014-04-25 16:21 - 00053248 _____ () C:\WINDOWS\system32\zlib.dll
    2014-04-24 08:22 - 2005-01-09 12:50 - 00000000 ____D () C:\WINDOWS\Resources
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000865 _____ () C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Program Files\Foolish IT
    2014-04-23 20:45 - 2014-04-23 20:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT
    2014-04-23 20:44 - 2012-05-22 19:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
    2014-04-23 20:44 - 2012-05-22 19:53 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
    2014-04-23 20:33 - 2014-04-23 20:33 - 00001632 _____ () C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
    2014-04-23 20:33 - 2014-01-29 22:26 - 00000000 ____D () C:\Program Files\FileHippo.com
    2014-04-23 20:25 - 2014-04-23 20:25 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
    2014-04-23 19:47 - 2014-02-02 12:38 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-04-23 19:32 - 2014-04-23 19:32 - 00050190 _____ () C:\Documents and Settings\Sid Bailey\My Documents\computer condition-0C81E70C58-4-23-14.txt
    2014-04-23 19:19 - 2014-04-23 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2014-04-23 19:19 - 2014-04-22 21:20 - 00000654 _____ () C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2014-04-23 19:19 - 2014-04-22 21:20 - 00000000 ____D () C:\Program Files\Speccy
    2014-04-23 11:04 - 2014-04-23 11:01 - 00011776 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
    2014-04-22 23:28 - 2014-04-22 23:28 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Nvidia Corporation
    2014-04-22 23:27 - 2013-09-21 12:00 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\NVIDIA
    2014-04-22 23:23 - 2013-09-21 11:55 - 00001000 _____ () C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
    2014-04-22 23:23 - 2012-01-17 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    2014-04-22 23:22 - 2012-01-17 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NVIDIA
    2014-04-22 23:20 - 2012-01-17 17:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-04-22 21:44 - 2014-04-22 21:44 - 00000564 _____ () C:\VEW.txt
    2014-04-22 21:30 - 2014-04-22 21:28 - 00048713 _____ () C:\Documents and Settings\Sid Bailey\Desktop\YOUR-0C81E70C58.txt
    2014-04-22 21:29 - 2014-04-22 21:28 - 00048739 _____ () C:\Documents and Settings\Sid Bailey\My Documents\YOUR-0C81E70C58.txt
    2014-04-22 21:09 - 2014-04-22 21:09 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
    2014-04-22 20:52 - 2014-04-22 20:52 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-04-22 20:52 - 2014-04-22 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-04-22 20:51 - 2014-04-22 20:51 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-04-22 20:51 - 2014-04-22 20:51 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-04-22 20:51 - 2014-04-22 20:51 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-04-22 20:51 - 2014-04-22 20:51 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-04-22 20:49 - 2014-04-22 20:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-04-22 20:29 - 2012-02-11 13:10 - 00000000 ____D () C:\Program Files\CheckPoint
    2014-04-22 20:18 - 2014-04-22 20:18 - 00061440 _____ ( ) C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
    2014-04-22 20:17 - 2014-04-22 20:17 - 04845384 _____ (Piriform Ltd) C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
    2014-04-22 20:11 - 2014-04-22 20:11 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
    2014-04-22 15:49 - 2014-01-17 13:19 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\Computer specs New 1-17-14.xlr
    2014-04-22 09:28 - 2014-04-22 09:25 - 88882192 _____ (AVAST Software) C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
    2014-04-21 16:34 - 2005-01-09 13:00 - 00603718 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-04-21 08:27 - 2014-04-21 08:27 - 00000000 __SHD () C:\found.000
    2014-04-19 11:37 - 2012-05-22 19:52 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Adobe
    2014-04-17 19:28 - 2014-04-17 19:28 - 00010752 _____ () C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
    2014-04-16 23:18 - 2014-04-16 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-16 23:18 - 2014-04-16 23:17 - 00005252 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-16 23:18 - 2013-03-28 23:40 - 00000000 ____D () C:\Program Files\Java
    2014-04-14 20:13 - 2014-04-16 23:18 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-14 20:05 - 2014-04-16 23:18 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-14 20:05 - 2014-04-16 23:18 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-14 20:04 - 2014-04-16 23:18 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-14 19:47 - 2014-04-16 23:18 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000714 _____ () C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
    2014-04-13 23:38 - 2014-04-13 23:38 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-04-13 23:17 - 2014-04-13 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-13 23:17 - 2013-11-21 21:53 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-13 23:17 - 2013-11-21 21:53 - 00000000 ____D () C:\Documents and Settings\Sid Bailey\Application Data\Malwarebytes
    2014-04-13 23:17 - 2013-11-21 21:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Sid Bailey\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Sid Bailey\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Sid Bailey\Local Settings\Temp\_TinDel.exe


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
    Ran by Sid Bailey at 2014-05-12 23:41:53
    Running from C:\Documents and Settings\Sid Bailey\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    Adobe AIR (Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.1.0 - Auslogics Labs Pty Ltd)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
    Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
    Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
    Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon MG2200 series User Registration (HKLM\...\Canon MG2200 series User Registration) (Version:  - Canon Inc.‎)
    Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    Card Games for Windows (HKLM\...\Card Games for Windows) (Version:  - )
    CryptoPrevent v4.3.2 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
    LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
    Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version:  - )
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
    NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
    NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (Version: 6.14.10.13585 - NVIDIA Corporation) Hidden
    NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
    OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    PC Tune-Up (HKLM\...\PC Tune-Up) (Version: 2.2.0.1 - Large Software)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5628 - Realtek Semiconductor Corp.)
    Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
    Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013 (HKLM\...\ZoneAlarm Backup Powered by IDrive_is1) (Version: 1.0.5 - ProSoftnet Corp)
    ZoneAlarm DataLock (Version: 11.0.000.020 - Check Point Software Technologies Ltd.) Hidden

    ==================== Restore Points  =========================

    12-02-2014 04:26:16 System Checkpoint
    13-02-2014 06:04:21 System Checkpoint
    13-02-2014 15:00:21 Software Distribution Service 3.0
    14-02-2014 19:29:33 System Checkpoint
    15-02-2014 23:50:12 System Checkpoint
    17-02-2014 02:36:52 System Checkpoint
    18-02-2014 04:53:57 System Checkpoint
    19-02-2014 18:20:56 System Checkpoint
    19-02-2014 20:35:08 Software Distribution Service 3.0
    21-02-2014 06:47:41 System Checkpoint
    22-02-2014 07:50:47 System Checkpoint
    23-02-2014 19:10:56 System Checkpoint
    24-02-2014 20:04:39 System Checkpoint
    26-02-2014 03:27:19 System Checkpoint
    27-02-2014 04:14:15 System Checkpoint
    01-03-2014 03:31:11 System Checkpoint
    02-03-2014 06:30:19 System Checkpoint
    03-03-2014 07:53:45 System Checkpoint
    04-03-2014 18:26:45 System Checkpoint
    05-03-2014 23:00:03 System Checkpoint
    06-03-2014 23:11:04 System Checkpoint
    08-03-2014 07:50:28 System Checkpoint
    09-03-2014 09:06:27 System Checkpoint
    10-03-2014 22:04:23 System Checkpoint
    12-03-2014 01:44:15 System Checkpoint
    13-03-2014 04:06:13 System Checkpoint
    13-03-2014 14:00:14 Software Distribution Service 3.0
    14-03-2014 14:00:15 Software Distribution Service 3.0
    16-03-2014 02:06:46 System Checkpoint
    17-03-2014 06:54:41 System Checkpoint
    19-03-2014 05:48:32 System Checkpoint
    19-03-2014 14:00:14 Software Distribution Service 3.0
    20-03-2014 21:37:39 System Checkpoint
    22-03-2014 05:57:05 System Checkpoint
    23-03-2014 07:05:21 System Checkpoint
    24-03-2014 08:16:40 System Checkpoint
    26-03-2014 05:00:42 System Checkpoint
    27-03-2014 06:46:53 System Checkpoint
    27-03-2014 14:00:19 Software Distribution Service 3.0
    28-03-2014 20:44:08 System Checkpoint
    30-03-2014 04:57:00 System Checkpoint
    31-03-2014 06:44:45 System Checkpoint
    02-04-2014 05:27:17 System Checkpoint
    03-04-2014 21:49:11 System Checkpoint
    05-04-2014 03:02:41 System Checkpoint
    06-04-2014 05:05:05 System Checkpoint
    07-04-2014 07:04:39 System Checkpoint
    08-04-2014 17:59:55 System Checkpoint
    09-04-2014 14:00:26 Software Distribution Service 3.0
    09-04-2014 18:23:58 Installed Windows KB954550-v5.
    09-04-2014 18:24:06 Printer Driver Microsoft XPS Document Writer Installed
    09-04-2014 18:24:16 Printer Driver Microsoft XPS Document Writer Installed
    09-04-2014 23:50:43 Restore Operation
    10-04-2014 19:46:04 Restore Operation
    12-04-2014 06:47:58 System Checkpoint
    14-04-2014 04:51:24 System Checkpoint
    15-04-2014 05:25:49 System Checkpoint
    16-04-2014 05:30:56 System Checkpoint
    17-04-2014 03:17:43 Installed Java 7 Update 55
    18-04-2014 05:35:55 System Checkpoint
    19-04-2014 07:03:57 System Checkpoint
    20-04-2014 10:08:08 System Checkpoint
    21-04-2014 11:00:39 System Checkpoint
    22-04-2014 11:02:46 System Checkpoint
    23-04-2014 00:51:01 avast! antivirus system restore point
    24-04-2014 03:54:19 System Checkpoint
    25-04-2014 04:52:00 System Checkpoint
    26-04-2014 08:49:56 System Checkpoint
    27-04-2014 08:59:27 System Checkpoint
    28-04-2014 11:35:55 System Checkpoint
    29-04-2014 12:27:56 System Checkpoint
    30-04-2014 15:49:21 System Checkpoint
    01-05-2014 21:46:01 System Checkpoint
    02-05-2014 14:00:14 Software Distribution Service 3.0
    03-05-2014 17:34:05 System Checkpoint
    04-05-2014 18:07:39 System Checkpoint
    05-05-2014 21:26:48 System Checkpoint
    06-05-2014 22:45:00 System Checkpoint
    08-05-2014 05:09:41 System Checkpoint
    09-05-2014 05:28:58 System Checkpoint
    11-05-2014 17:12:03 System Checkpoint
    12-05-2014 17:19:15 System Checkpoint

    ==================== Hosts content: ==========================

    2012-01-17 18:21 - 2014-03-13 20:19 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-05-12 16:50 - 2014-05-12 16:50 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051204\algo.dll
    2014-04-22 20:51 - 2014-04-22 20:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2005-01-09 19:48 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
    2005-01-09 19:48 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2012-01-17 18:21 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2012-01-17 18:22 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2012-07-03 18:29 - 2011-12-07 18:31 - 00303360 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    2012-07-03 18:29 - 2011-08-18 11:22 - 00323584 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:SummaryInformation
    AlternateDataStreams: C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

    ==================== EXE Association (whitelisted) =============


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============

    Name: Kaspersky Anti-Virus NDIS Miniport
    Description: Kaspersky Anti-Virus NDIS Miniport
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Kaspersky Lab
    Service: klim5
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: NETGEAR WNA3100 N300 Wireless USB Adapter - Kaspersky Anti-Virus NDIS Miniport
    Description: Kaspersky Anti-Virus NDIS Miniport
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Kaspersky Lab
    Service: klim5
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: WAN Miniport (IP) - Kaspersky Anti-Virus NDIS Miniport
    Description: Kaspersky Anti-Virus NDIS Miniport
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Kaspersky Lab
    Service: klim5
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/24/2014 09:28:25 PM) (Source: crypt32) (User: ) (EventID: 5)
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....152A41D829C.crt> with error: This operation returned because the timeout period expired.

    Error: (04/23/2014 08:24:56 PM) (Source: crypt32) (User: ) (EventID: 5)
    Description: Failed auto update retrieval of third-party root certificate from: <http://www.download....64251B18118.crt> with error: This operation returned because the timeout period expired.


    System errors:
    =============
    Error: (05/12/2014 08:44:15 PM) (Source: Service Control Manager) (User: ) (EventID: 7011)
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (05/12/2014 08:42:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
    Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/12/2014 08:42:15 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
    Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service failed to start due to the following error:
    %%1053

    Error: (05/12/2014 08:42:15 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
    Description: Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 4.0.0.0 service to connect.

    Error: (05/12/2014 08:42:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
    Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (05/12/2014 08:42:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
    Description: The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (05/12/2014 08:42:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/12/2014 08:42:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
    Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (05/12/2014 08:42:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
    Description: The Media Center Extender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/12/2014 08:42:14 PM) (Source: Service Control Manager) (User: ) (EventID: 7031)
    Description: The WSWNA3100 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (04/24/2014 09:28:25 PM) (Source: crypt32) (User: ) (EventID: 5)
    Description: http://www.download....41D829C.crtThis operation returned because the timeout period expired.

    Error: (04/23/2014 08:24:56 PM) (Source: crypt32) (User: ) (EventID: 5)
    Description: http://www.download....1B18118.crtThis operation returned because the timeout period expired.


    ==================== Memory info ===========================

    Percentage of memory in use: 51%
    Total physical RAM: 1406.42 MB
    Available physical RAM: 675.66 MB
    Total Pagefile: 5350.43 MB
    Available Pagefile: 4699.04 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1966.05 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:139.04 GB) (Free:113.85 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149 GB) (Disk ID: 14CB14CB)
    Partition 1: (Not Active) - (Size=10 GB) - (Type=12)
    Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

     

    05/13/2014 00:01
    Scan of all local drives

    File C:\Documents and Settings\Sid Bailey\Desktop\Vision\Ie4\IE4NT_S4.CAB|>IE4NT_4.CAB|>IEXPLORE.CHM|>iexplore.hhk Error 42136 {CHM archive is corrupted.}
    File C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000085|>nl.kml Error 42125 {ZIP archive is corrupted.}
    File C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0000a6|>pt-PT.kml Error 42125 {ZIP archive is corrupted.}
    Number of searched folders: 11580
    Number of tested files: 613834
    Number of infected files: 0
     

    I do not use Google Earth, or have not used it since 2012 when trying to verify my "911" physical address for a required driver's license update.  I will just uninstall the program if that is your recommended solution.

    Sid


    • 0


    #11
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    If you don't use it uninstall it.

     

    Has your PUP come back?


    • 1

    #12
    oldrailroadgeek

      Member

    • Topic Starter
    • Member
    • PipPip
    • 83 posts

    RKinner,

        At this point in time, I do not know if this has gotten rid of the PUP.  I disabled the nightly scan last night when I ran the bootscan with Avast.  I was afraid the Malwarebytes scan might occur while the bootscan was in progress.  I will post the results of the Mbam scan in the morning; hopefully the little bugger is gone.  I have been gone all day since my post of the logs this morning and have been unable to do anything with the PC; the years are catching up with me.  Thanks for your patience and support on this vexing problem.

    Sid


    • 0

    #13
    RKinner

      Malware Expert

    • Expert
    • 24,701 posts
    • MVP

    No problem with delays.  I don't keep track.  I will be going on a month trip on Friday so not sure what access I will have so expect delays from Friday on.  Hopefully we got it all.


    • 1

    #14
    oldrailroadgeek

      Member

    • Topic Starter
    • Member
    • PipPip
    • 83 posts

    RKinner,

        If this hasn't solved the problem, I probably will mothball this PC, and spend time on the new 8.1 machine trying to learn how to migrate through the swamp and quicksand of the Win 8.1 fiasco! :smashcomp:

    Sid

    PS: Is there any way to lock the type size when typing in the forums? or should I start a new topic & in which forum? :headscratch:


    • 0

    #15
    oldrailroadgeek

      Member

    • Topic Starter
    • Member
    • PipPip
    • 83 posts

    RKinner,

         Here is the Mbam log from the latest Malwarebytes scan this morning and it looks like the PUP is finally GONE.  Thank you so much! :spoton:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/5/2014
    Scan Time: 9:57:09 AM
    Logfile: MBAM Quarantine5-5-14.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.05.04
    Rootkit Database: v2014.03.27.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Sid Bailey

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 250915
    Time Elapsed: 6 hr, 22 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1576569892-3062952477-2378348150-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearc...r=185964165&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=dsites05_14_17_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0AzzyEtC0F0EyBtByBtN0D0Tzu0SzzyEyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzzyB0B0D0C0A0EtGzytAyCtAtG0FtA0A0AtGyEyD0CtDtGtDyByDtBtD0C0CyDtD0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByE0FtC0D0DyE0CtGyB0AyBtCtGtByC0C0AtGtC0E0B0CtGtD0EzzyCtC0CtCtB0CyByDyB2Q&cr=185964165&ir=),,[daee9db0f7847eb896b586b35ba932ce]

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     

    Thanks again for this resolution.

    Sid


    • 0





