PUP2 keeps coming back every day after quarantined removal by Malwarebytes Anti-Malware Premium, with the computer disconnected from the internet by removal of the DSL line connection. The PUP first showed up while this PC was still in use for internet service. While trying to download speedyfox from a g2g link, I inadvertently clicked the wrong download button for speedyfox and didn't realize it until I began the installation. I immediately ran the uninstall of the program and decided I did not require speedyfox, as I was replacing this computer for internet service. The next morning I had a report from Malwarebytes that a non-malicious threat had been quarantined, and I OKed the removal of the threat. (Malwarebytes automatically scans this computer daily at 2:00am and the report is displayed on the desktop every morning.) I proceeded to disconnect the DSL line from this PC and installed it on the new PC. I continue to use this PC for prep of files for transfer to the new PC and to use the programs on this computer for my personal finances, as I am not at all familiar with Win 8.1 on the new unit. Every morning, without internet service on this unit, I get the same alert message from Malwarebytes that this same PUP has been detected and they have quarantined it for removal when I click OK, which I do. How does this PUP keep returning with no internet access? Malwarebytes updates daily when the PC is connected to the DSL, so it was up-to-date when I removed the DSL. How do I remove this PUP permanently?
Oldrailroadgeek
OTL.txt
OTL logfile created on: 5/3/2014 10:05:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.37 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 25.77% Memory free
5.23 Gb Paging File | 4.27 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 114.82 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/03 22:03:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sid Bailey\My Documents\Downloads\OTL.exe
PRC - [2014/04/29 21:37:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/22 21:10:45 | 000,533,568 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2014/04/22 20:51:34 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/22 20:51:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/02 09:30:11 | 002,199,840 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/02 09:29:55 | 001,617,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2012/04/03 14:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 14:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 14:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/03/11 12:02:06 | 000,042,512 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupBackground.exe
PRC - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
PRC - [2010/03/11 12:00:50 | 002,000,400 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\ZoneAlarmBackup\ZABackupTray.exe
PRC - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/03 16:23:47 | 002,252,800 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14050301\algo.dll
MOD - [2014/05/01 20:11:30 | 001,020,928 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2014/04/29 21:37:33 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/04/29 03:03:28 | 016,351,920 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014/04/22 20:51:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/04/22 14:39:24 | 000,645,592 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/09/22 03:08:48 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 03:29:00 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2013/08/16 03:24:04 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2013/08/16 03:23:56 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2013/08/16 03:23:51 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2013/08/16 03:23:22 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2013/08/16 03:23:00 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2013/08/16 03:22:53 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
MOD - [2013/08/16 03:22:41 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2013/08/16 03:22:24 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2013/08/16 03:22:10 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2013/08/16 03:21:55 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2013/08/16 03:21:41 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
MOD - [2011/08/18 11:22:38 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNA3100\WifiLib.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2014/04/29 21:37:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/29 03:03:29 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/22 20:51:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/04/02 09:29:55 | 001,617,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2012/01/17 17:21:53 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/03/11 12:01:32 | 000,149,008 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe -- (ZoneAlarmBackup Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\lcmjpwf.sys -- (ifxqgb)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/05/03 21:37:19 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/22 20:51:37 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/04/22 20:51:37 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/04/22 20:51:37 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/04/22 20:51:37 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/04/22 20:51:37 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/04/22 20:51:37 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/04/22 20:51:37 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/04/22 20:51:37 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/09/10 23:18:17 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/01/17 17:21:53 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2012/01/17 17:20:05 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/12 17:43:00 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/02/03 11:21:56 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/01/29 13:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/01/29 13:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/01/25 21:01:06 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/10 15:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 15:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=185964165&ir=
IE - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=185964165&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearc...r=185964165&ir=
IE - HKCU\..\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9}: "URL" =
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/22 20:51:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/01/19 17:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Extensions
[2014/05/01 20:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions
[2014/05/01 20:11:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\extensions\support@lastpass.com
[2014/04/10 16:19:49 | 000,001,500 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Mozilla\Firefox\Profiles\az78psk1.default-1394922522984\searchplugins\zonealarm.xml
[2014/04/29 21:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/04/29 21:37:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/04/29 21:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/29 21:37:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/22 20:51:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/03/13 20:19:05 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [ZoneAlarm Backup Startup] C:\Program Files\ZoneAlarmBackup\ZABackupStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Sid Bailey\Start Menu\Programs\Startup\ZoneAlarm Backup Tray.lnk = C:\Program Files\ZoneAlarmBackup\ZABackupReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1365637437500 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBDECE2E-1A23-498B-A6C9-C37C6CEEDAD4}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 21:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/01 20:11:31 | 011,211,264 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2014/05/01 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\LastPass
[2014/05/01 20:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LastPass
[2014/05/01 20:11:19 | 000,000,000 | ---D | C] -- C:\LastPass_1730492534
[2014/05/01 20:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\LastPass
[2014/04/29 21:37:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/25 19:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\SSB
[2014/04/25 19:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\MOB
[2014/04/25 19:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\Church Related
[2014/04/25 19:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Financial
[2014/04/23 20:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\Foolish IT
[2014/04/23 20:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foolish IT
[2014/04/23 20:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
[2014/04/23 20:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\DigitalSites
[2014/04/23 19:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
[2014/04/22 23:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Nvidia Corporation
[2014/04/22 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/04/22 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\Temp
[2014/04/22 21:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
[2014/04/22 20:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/04/22 20:51:40 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/22 20:51:40 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/22 20:51:40 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/04/22 20:51:40 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/22 20:51:40 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/22 20:51:39 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/22 20:51:37 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/22 20:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/04/22 20:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/04/22 20:17:19 | 004,845,384 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
[2014/04/22 20:11:24 | 002,925,760 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
[2014/04/22 09:25:58 | 088,882,192 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
[2014/04/21 08:27:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/16 23:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/04/13 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sid Bailey\Start Menu\Programs\PC Tune-Up 2.2.0.1
[2014/04/13 23:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tune-Up
[2014/04/13 23:17:35 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/13 23:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/13 23:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/10 15:37:31 | 000,000,000 | ---D | C] -- C:\12bdf20f60ec5535a09cbe
[2014/04/09 14:18:36 | 000,000,000 | ---D | C] -- C:\f44a78990ffdc5e00561dc6ca7
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/05/03 22:03:07 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/03 21:37:19 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/03 21:11:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\MVPBR.INI
[2014/05/03 20:32:14 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/05/03 20:32:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/03 20:31:59 | 1474,809,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/03 20:31:59 | 000,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/05/03 11:03:20 | 000,040,986 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
[2014/05/01 20:11:35 | 011,211,264 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2014/05/01 20:11:35 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2014/05/01 20:11:30 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2014/05/01 20:11:23 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2014/04/30 11:08:48 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
[2014/04/30 10:50:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
[2014/04/30 10:46:53 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
[2014/04/28 15:20:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
[2014/04/26 11:02:38 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Ernie Williamson.xlr
[2014/04/26 01:05:41 | 000,000,018 | ---- | M] () -- C:\UserName.ini
[2014/04/25 19:49:37 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
[2014/04/25 16:21:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2014/04/23 20:45:42 | 000,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
[2014/04/23 20:33:04 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
[2014/04/23 19:19:25 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/23 11:04:51 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
[2014/04/22 23:23:08 | 000,001,000 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeForce Experience.lnk
[2014/04/22 20:52:05 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/22 20:51:37 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/22 20:51:37 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/22 20:51:37 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/22 20:51:37 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/22 20:51:37 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/04/22 20:51:37 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/22 20:51:37 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/22 20:51:37 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/22 20:51:37 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/22 20:51:37 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/22 20:18:35 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
[2014/04/22 20:17:32 | 004,845,384 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Sid Bailey\Desktop\spsetup125.exe
[2014/04/22 20:11:32 | 002,925,760 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Sid Bailey\Desktop\procexp.exe
[2014/04/22 15:49:34 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\Computer specs New 1-17-14.xlr
[2014/04/22 09:28:24 | 088,882,192 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Sid Bailey\Desktop\avast_free_antivirus_setup.exe
[2014/04/21 16:34:07 | 000,502,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/21 16:34:07 | 000,088,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/17 19:28:08 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:11:27 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/13 23:38:57 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/13 23:17:08 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2014/04/09 10:07:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:24:33 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/07 13:10:22 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\ssb deposit ticket.wps
[2014/04/04 13:45:54 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/05/01 20:11:35 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2014/05/01 20:11:30 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2014/05/01 20:11:23 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2014/04/30 11:08:48 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Envelope-Cokesbury.wps
[2014/04/30 10:50:38 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Cokesbury.xlr
[2014/04/30 10:46:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Kathy Whittaker.xlr
[2014/04/28 15:20:38 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Southland.xlr
[2014/04/25 19:49:37 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Shortcut to My Documents.lnk
[2014/04/25 16:21:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2014/04/23 20:45:42 | 000,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CryptoPrevent.lnk
[2014/04/23 20:33:04 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\Update Checker.lnk
[2014/04/23 11:01:48 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\Mike-VA Beach Envelope.wps
[2014/04/22 21:20:35 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2014/04/22 20:52:05 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/04/22 20:51:40 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/22 20:51:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/22 20:51:40 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/22 20:37:15 | 1474,809,856 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/22 20:18:28 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Sid Bailey\Desktop\VEW.exe
[2014/04/17 19:28:07 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check Sid Bailey.xlr
[2014/04/17 19:11:26 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check WV Conference.xlr
[2014/04/13 23:38:57 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Desktop\PC Tune-Up.lnk
[2014/04/10 15:54:50 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite
[2014/04/09 14:25:12 | 000,102,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/04 13:45:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\My Documents\IUMC Check McDwell PSD.xlr
[2013/10/29 23:45:21 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/10/29 23:45:21 | 000,026,128 | ---- | C] () -- C:\WINDOWS\System32\ZABackupXceedCryReg.exe
[2013/10/29 23:45:20 | 000,441,705 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/09/07 19:06:12 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/15 03:24:20 | 001,054,366 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1576569892-3062952477-2378348150-1006-0.dat
[2013/08/15 03:24:13 | 000,199,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/06 19:12:30 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/29 12:02:26 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/07 12:16:26 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/03/29 01:38:54 | 000,177,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/07 15:21:28 | 002,005,969 | ---- | C] () -- C:\WINDOWS\Delete.exe
[2012/12/26 09:23:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 12:19:22 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\System32\BTImages.dat
[2012/09/09 15:38:51 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\PCTuneUp.config
[2012/07/03 18:29:41 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/01/31 11:41:43 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Local Settings\Application Data\fusioncache.dat
[2012/01/17 17:07:06 | 000,040,986 | ---- | C] () -- C:\Documents and Settings\Sid Bailey\Application Data\wklnhst.dat
========== ZeroAccess Check ==========
[2005/01/09 21:08:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/10/24 20:53:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/11/15 13:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/04/22 20:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/11 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/12/05 20:34:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/12/05 20:49:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2013/12/10 17:12:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMIG
[2013/09/01 17:32:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJQuickMenu
[2013/12/10 16:45:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013/12/05 20:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/02/11 13:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/17 17:30:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/28 22:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/23 20:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/02/11 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/17 17:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/07/29 12:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/09/18 22:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
[2013/03/29 11:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2014/04/22 21:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\AVAST Software
[2012/01/30 20:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\AVG
[2013/12/10 16:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\canon
[2013/11/12 14:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\CheckPoint
[2014/04/23 20:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\CrystalIdea Software
[2014/04/23 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\DigitalSites
[2012/04/05 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\DVDVideoSoft
[2013/07/24 23:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\EurekaLog
[2013/09/18 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MailFrontier
[2012/05/22 19:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\MusicOasis
[2014/01/22 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\OpenOffice
[2013/12/26 21:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Oracle
[2013/03/18 11:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\SmartPCFix
[2012/01/20 22:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Special K Software
[2014/03/13 12:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\Template
[2014/02/01 22:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sid Bailey\Application Data\WinPatrol
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sid Bailey\My Documents\ISRX FLEET.pdf:SummaryInformation
< End of report >
OTL Extras
OTL Extras logfile created on: 5/3/2014 10:05:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sid Bailey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.37 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 25.77% Memory free
5.23 Gb Paging File | 4.27 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 4095 4095 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 114.82 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
Computer Name: YOUR-0C81E70C58 | User Name: Sid Bailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Reconnect To Technician] -- cmd.exe /c start iexplore.exe logmein123.com (Microsoft Corporation)
Directory [Start Team Viewer] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe" = C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe:*:Enabled:NVIDIA Network Service TCP Exception (HTTPS) -- (NVIDIA Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series" = Canon MG2200 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 55
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1" = CryptoPrevent v4.3.2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C511D4D-FBD5-4748-822C-4E51BC0CC87E}" = ZoneAlarm DataLock
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 12.4.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"Canon MG2200 series On-screen Manual" = Canon MG2200 series On-screen Manual
"Canon MG2200 series User Registration" = Canon MG2200 series User Registration
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"Card Games for Windows" = Card Games for Windows
"FileHippo.com" = FileHippo.com Update Checker
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LastPass" = LastPass (uninstall only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 29.0 (x86 en-US)" = Mozilla Firefox 29.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC Tune-Up" = PC Tune-Up
"Speccy" = Speccy
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"ZoneAlarm Backup Powered by IDrive_is1" = ZoneAlarm Backup Powered by IDrive version 1.0.5 March 14, 2013
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Digital Sites" = Update for Mipony Download Manager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/23/2014 8:24:56 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....4251B18118.crt>
with error: This operation returned because the timeout period expired.
Error - 4/24/2014 9:28:25 PM | Computer Name = YOUR-0C81E70C58 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....52A41D829C.crt>
with error: This operation returned because the timeout period expired.
[ System Events ]
Error - 4/24/2014 8:23:36 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.
Error - 4/25/2014 2:34:16 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.
Error - 4/30/2014 10:40:43 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.
Error - 4/30/2014 1:28:44 PM | Computer Name = YOUR-0C81E70C58 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 5/2/2014 10:17:38 AM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147500037 (0x80004005).
Error - 5/2/2014 10:18:08 AM | Computer Name = YOUR-0C81E70C58 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 5/3/2014 10:12:11 AM | Computer Name = YOUR-0C81E70C58 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 5/3/2014 10:12:25 AM | Computer Name = YOUR-0C81E70C58 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 5/3/2014 10:12:33 AM | Computer Name = YOUR-0C81E70C58 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 5/3/2014 8:33:08 PM | Computer Name = YOUR-0C81E70C58 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.
< End of report >