Posts posted by claiidd
-
Running Avast, Malwarebytes, and Online Armor
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.21.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CRAIG :: CRAIG-PC [administrator]
Protection: Enabled
8/22/2013 10:21:28 AM
MBAM-log-2013-08-22 (10-43-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242203
Time elapsed: 20 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
-
Cannot remove Fast Free Converter. Not showing up in Chrome, but is in Firefox (have disabled it) and Explorer (cannot disable). Additionally, I get a Windows error claiming I am not running an authentic version of Windows 7 Pro ... related?
-
# AdwCleaner v2.301 - Logfile created 05/17/2013 at 14:25:38
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : CRAIG - CRAIG-PC
# Boot Mode : Normal
# Running from : C:\Users\CRAIG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTFKL85K\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\END
File Found : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\searchplugins\Babylon.xml
File Found : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\searchplugins\delta.xml
Folder Found : C:\Program Files\Delta
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\CRAIG\AppData\Local\PackageAware
Folder Found : C:\Users\CRAIG\AppData\LocalLow\Delta
Folder Found : C:\Users\CRAIG\AppData\Roaming\Babylon
Folder Found : C:\Users\CRAIG\AppData\Roaming\Delta
Folder Found : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\ffxtlbr@delta.com
***** [Registry] *****
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\84da8fb63ebe42
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Found : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{06E58E5E-F8CB-4049-991E-A41C03BD419E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=119351&tt=gc_150213_alt&babsrc=[...]
Found : user_pref("browser.search.selectedEngine", "Delta Search");
Found : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?affID=119351&tt=gc_150213_alt&b[...]
Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.ffxUnstlRst", true);
Found : user_pref("extensions.delta.id", "c24f22b30000000000000024d667f5c5");
Found : user_pref("extensions.delta.instlDay", "15841");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.16.16");
Found : user_pref("extensions.delta.vrsnTs", "1.8.16.169:38:48");
Found : user_pref("extensions.delta.vrsni", "1.8.16.16");
-\\ Google Chrome v26.0.1410.64
File : C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.2426] : homepage = "hxxp://www1.delta-search.com/?affID=119351&tt=gc_150213_alt&babsrc=HP_ss&mntrId=C24F0024D667F5C5",
Found [l.3017] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?affID=119351&tt=gc_150213_alt&babsrc=HP_ss&mntrId=C24F0024D667F5C5" ]
*************************
AdwCleaner[R1].txt - [7113 octets] - [21/11/2012 19:53:51]
AdwCleaner[R2].txt - [7173 octets] - [21/11/2012 20:12:02]
AdwCleaner[R3].txt - [1143 octets] - [06/12/2012 09:45:25]
AdwCleaner[R4].txt - [9183 octets] - [17/05/2013 14:25:38]
AdwCleaner[s1].txt - [7337 octets] - [21/11/2012 20:12:43]
########## EOF - C:\AdwCleaner[R4].txt - [9303 octets] ##########
-
I have tried to remove them; it will not let me.
-
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : CRAIG [Admin rights]
Mode : Scan -- Date : 05/17/2013 11:59:51
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] d85e28f24e6b15457e4402eecee0e541
[bSP] 03f896d43fd327991aba875e0b041025 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 178176 | Size: 750 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1714176 | Size: 237637 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05172013_02d1159.txt >>
RKreport[1]_S_05172013_02d1159.txt
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.21.2
Run by CRAIG at 11:44:18 on 2013-05-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1660 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Schwab\StreetSmart Edge\QuickLaunch.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Wat\WatUX.exe
C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Fast Free Converter 4.1: {8232785C-5C98-4A6E-B7B4-911FFBED7582} - c:\program files\fast free converter\fastfreeconverter\FastFreeConverter.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.16.16\bh\delta.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - c:\program files\avast software\avast! ad blocker ie\Adblocker32.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} -
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} -
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [QuickLaunch] c:\program files\schwab\streetsmart edge\QuickLaunch.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_169_ActiveX.exe -update activex
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\craig\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2009\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: advisoryworld.com
Trusted Zone: schwabintsitutional.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}\157756374775966496 : DHCPNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}\265656B6D616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}\3425149474D20534F5E4564777F627B6 : DHCPNameServer = 66.118.220.37 66.118.220.38
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}\3456461627336303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}\34F607075627541676C656 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{D7D7965B-28EC-4EA1-B211-FBBFD5AFE895} : DHCPNameServer = 192.168.1.1
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\craig\appdata\roaming\mozilla\firefox\profiles\l75bkxec.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?affID=119351&tt=gc_150213_alt&babsrc=HP_ss&mntrId=C24F0024D667F5C5
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c24f22b30000000000000024d667f5c5
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15841
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.169:38:48
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-8 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-19 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-19 368176]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-11-22 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-11-22 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-11-22 27648]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-19 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-19 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-3-8 45248]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\fast free converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-21 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-21 701512]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-11-23 216072]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2012-3-14 1248256]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-10-5 76288]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-1-15 260648]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-15 122368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-21 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-17 40776]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-15 6114816]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2012-11-22 31768]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-8 164736]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-15 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-1-15 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-1-15 38400]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
.
=============== Created Last 30 ================
.
2013-05-16 15:54:10 -------- d-----w- c:\program files\File Type Helper
2013-05-16 15:53:54 -------- d-----w- c:\program files\Fast Free Converter
2013-05-16 15:38:41 -------- d-----w- c:\program files\Delta
2013-05-16 15:38:35 -------- d-----w- c:\users\craig\appdata\roaming\Delta
2013-05-16 15:37:12 -------- d-----w- c:\users\craig\appdata\roaming\Babylon
2013-05-16 15:37:12 -------- d-----w- c:\programdata\Babylon
2013-05-16 15:37:11 -------- d-----w- c:\users\craig\appdata\roaming\DSite
2013-05-09 09:45:13 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a632f45e-fc5a-4e90-96dd-c153f5f4d218}\offreg.dll
2013-05-09 09:43:34 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a632f45e-fc5a-4e90-96dd-c153f5f4d218}\mpengine.dll
2013-04-23 14:14:21 -------- d-----w- c:\users\craig\appdata\local\{64055D0C-098C-4A12-9616-954173DC0FD8}
2013-04-19 02:38:46 -------- d-----w- c:\program files\MSECache
.
==================== Find3M ====================
.
2013-04-28 14:54:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-28 14:54:24 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-17 14:49:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-17 14:49:36 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-17 14:49:36 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 20:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33:24 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33:24 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:33:23 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 11:49:16.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/19/2010 2:30:50 PM
System Uptime: 5/17/2013 8:41:20 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0DW634
Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2535/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 62.947 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP803: 4/17/2013 8:47:16 AM - Installed Java 7 Update 21
RP804: 5/4/2013 10:54:08 PM - Scheduled Checkpoint
RP805: 5/10/2013 2:43:29 PM - Installed StreetSmart Edge
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
401(k) Easy
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe SVG Viewer 3.0
All Day Battery Life Configuration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Software
avast! Ad Blocker
avast! Free Antivirus
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
Brother HL-3070CW
Brother MFL-Pro Suite
Brother MFL-Pro Suite MFC-9320CW
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
D3DX10
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Delta toolbar
Document Manager Lite
eFax Messenger
EMBASSY Security Center
EMBASSY Security Setup
EOS USB WIA Driver
ESC Home Page Plugin
Fast Free Converter
FlipShare
Football Playbook v007
Gemalto
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
GoToMeeting 5.2.0.952
iCloud
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java 7 Update 21
Java Auto Updater
join.me
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access 2002 Runtime
Microsoft Application Error Reporting
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works 6-9 Converter
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NTRU TCG Software Stack
Online Armor 5.5
PaperPort Image Printer
Play Designer Series 2012
PowerDVD DX
Preboot Manager
Private Information Manager
QuickBooks
QuickBooks Pro 2012
QuickTime
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Wizards
SO32MMWrapper
Spelling Dictionaries Support For Adobe Reader 9
StreetSmart Edge
SupportSoft Assisted Service
TouchCopy 09
Trusted Drive Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
WebEx
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 16.0
WinZip Courier
.
==== Event Viewer Messages From Past Week ========
.
5/17/2013 8:43:15 AM, Error: Service Control Manager [7034] - The AuthenTec Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).
5/17/2013 8:42:20 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
5/17/2013 8:42:12 AM, Error: Service Control Manager [7000] - The sbapifs service failed to start due to the following error: The system cannot find the file specified.
5/17/2013 8:37:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
5/17/2013 8:20:07 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
5/16/2013 9:54:03 AM, Error: Service Control Manager [7030] - The FastFreeConverterUpdt service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/16/2013 8:55:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/16/2013 7:39:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
5/16/2013 12:57:55 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: Access is denied.
5/16/2013 1:28:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FlipShare Service service to connect.
5/16/2013 1:28:09 PM, Error: Service Control Manager [7000] - The FlipShare Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/15/2013 7:32:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
5/15/2013 12:44:53 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 2 time(s).
5/14/2013 10:43:59 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/13/2013 3:57:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/12/2013 4:52:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
.
==== End Of File ===========================
-
Google Chrome taken over by Delta Search redirect.
Avast gave me 4 files that "could not be scanned" and they appear to be malware; however, I cannot move them to the chest.
Thanks!
-
Jeff,
System is running well ... no more redirect. Browsing at normal speeds while running multiple apps.
Here is the log:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: vhixznmnss@vhixznmnss.org:2.5 removed from extensions.enabledAddons
C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\vhixznmnss@vhixznmnss.org.xpi moved successfully.
C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\CRAIG\Desktop\cmd.bat deleted successfully.
C:\Users\CRAIG\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: CRAIG
->Temp folder emptied: 54978185 bytes
->Temporary Internet Files folder emptied: 94742365 bytes
->Java cache emptied: 5692243 bytes
->FireFox cache emptied: 237214311 bytes
->Google Chrome cache emptied: 394121619 bytes
->Flash cache emptied: 3867048 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 147183 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2215445770 bytes
Total Files Cleaned = 2,867.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12072012_083927
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
No, not at all!
-
Here is the one from AdwCleaner:
# AdwCleaner v2.011 - Logfile created 12/06/2012 at 08:45:25
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : CRAIG - CRAIG-PC
# Boot Mode : Normal
# Running from : C:\Users\CRAIG\Desktop\AdwCleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.95
File : C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7113 octets] - [21/11/2012 18:53:51]
AdwCleaner[R2].txt - [7173 octets] - [21/11/2012 19:12:02]
AdwCleaner[R3].txt - [955 octets] - [06/12/2012 08:45:25]
AdwCleaner[s1].txt - [7337 octets] - [21/11/2012 19:12:43]
########## EOF - C:\AdwCleaner[R3].txt - [1074 octets] ##########
-
Second OTL file:
OTL Extras logfile created on: 12/6/2012 8:14:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CRAIG\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.46 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 55.58% Memory free
6.91 Gb Paging File | 5.08 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.07 Gb Total Space | 82.73 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Computer Name: CRAIG-PC | User Name: CRAIG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01849879-10C3-43A6-BCED-34484722FD29}" = rport=138 | protocol=17 | dir=out | app=system |
"{097B81AD-047A-4CEB-B56E-158A515EDFD8}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{0F025ABF-82A6-45DA-ADFA-5F5E9BA26DE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{159CB440-4D26-41E8-B0EE-834A2D3821BB}" = rport=139 | protocol=6 | dir=out | app=system |
"{23BE3105-F1B8-4F9A-BA3B-37151A97F137}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25A1F9DF-919F-424A-A9A7-9A672C0C55B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2FB715C0-E04A-4FB4-97D9-8AE43A0A73BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A726CB9-2803-4285-B295-6A59318D8F5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AC5ED09-2D32-498B-A943-5EAA42B134EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47B49FE6-F428-4DB9-92F7-63CF67569C73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4942378F-968F-4834-BD3D-03138A7B6FDA}" = rport=445 | protocol=6 | dir=out | app=system |
"{4A948273-BADF-428D-8D98-E3761AAF5B33}" = lport=10243 | protocol=6 | dir=in | app=system |
"{573F9B37-7119-42AB-B06D-046C0EDDCA40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{580C88D2-C4F2-4EFE-80F3-080088676FD2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{639A5583-FA4E-4A30-8D64-B8B996A44518}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{63F615CC-3C9B-4769-B09C-590DC7667B5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6986D38B-437E-453F-87A8-BAB2D48D92BE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71A80F8D-0BA7-4623-BDCF-26EB2C656D1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{740EA220-DE2A-46BB-9CB9-1EC9EA29D4F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76EE72B9-D92D-4A83-96CB-F856D5BF9DCD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{99CD0C4D-63A5-4588-B298-93B8AE105189}" = rport=137 | protocol=17 | dir=out | app=system |
"{A6602296-5BFF-4A63-863E-36604ACA1E52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC496DCA-8AE6-43F4-8DB3-CE47672772E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AEFF4D7E-5EC8-4FB0-8C71-81312055F312}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{AF1424D6-A7E0-4167-A357-F8E47CF6EE87}" = lport=445 | protocol=6 | dir=in | app=system |
"{B33A7DC6-D1F7-4BD9-9EA1-EBA6372E884B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA63D2F5-9C62-40AF-B311-5B7711341568}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{DF5B92D7-77A7-4F15-85FF-1D5A24A68093}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7444156-A458-4FEA-955B-39430C8C760D}" = lport=137 | protocol=17 | dir=in | app=system |
"{FECBD797-D0B6-434F-B959-45D01BB25B1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0124A0D1-E440-4BF1-96A1-AF56B9C17A51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{027C4706-F27D-401C-9AA8-89D3CB02565B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F5BA4F2-EE77-41F1-A30F-30BBA69F6A42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22B4A4AF-7A29-4A9A-806A-C191FE72E124}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2CE0F860-8E55-4135-B4DD-5D7A721985CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{33C69D07-0B59-48A6-8C40-9FEF4F05E67A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{3926886C-C327-429F-8439-64D108D28A41}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{420662E0-90C3-483B-AC9C-D86C29A68672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4D6DDD35-324F-4113-9B60-BB0CEA31C412}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{51F64099-9707-4347-BD8D-24961573DC83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55B01D97-9578-4084-996F-6C5F039842B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{693027BC-BC22-43B0-85AF-B9C23396463C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A615607-6E8B-49B2-963D-384909247D0F}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08j\faxrx.exe |
"{706A42DF-A9B2-4E18-9A83-76B0567CBC27}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7153519A-72AD-48E0-9AD4-70634B2354C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{727841EF-74F9-400E-9FC5-1D17C7DF9094}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7AC00F1B-09B5-4172-8E85-FE9A67D3F251}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D119DC9-CC57-405C-B910-84CD0FC17F8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F5A6F82-7622-4E6A-8160-EFAEABECE2FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A57293C9-E054-43B0-95C8-7FE7A3CD318C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9FEC4B0-EBE7-49AB-B2AD-79264A23290D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B358272F-89AF-4099-A671-1753EB018D40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDD092A5-FC13-4372-ACD5-C6B4224C39CC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D5DEBEED-4838-4602-B493-4CAD051EAD11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D68FECB0-8A77-465A-8477-28530A9328D4}" = protocol=6 | dir=out | app=system |
"{E365A667-6CD1-429E-9B74-BA114BDDD9CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4738EAF-BC07-41D5-85ED-30F28E520C42}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F26BDD44-2FD3-4B3E-A77D-AE4B6EF77747}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08j\faxrx.exe |
"TCP Query User{098D0ACA-3BDA-415B-A374-FFB83B08C002}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{38DDCABD-AEF8-41EC-BBE8-34A368D277DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4EEAD9CC-5FFF-40FB-A738-02D0E10A07E6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{F1E67C2E-46EC-48F8-A86C-5CE996822848}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{F5405012-5390-42FE-9501-42EB8D818C07}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{FBCE9F70-79D5-479D-A13A-4989BB977693}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2C847039-C527-46B1-A7FC-7089D2D6DA58}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{557F436E-D692-4EFF-BA3C-4C80CEAB3703}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{56692C11-8F8C-4298-B40A-F580E3816A15}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{973747AA-03C8-4682-B1BD-E0571EA975AB}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{D9F00663-6A24-4B3A-BEB0-CED3767328ED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08C603B3-6023-42FE-B967-1CBB4C7CEBBF}" = Play Designer Series 2012
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40B420D0-5B97-4FF9-B5D1-0D839882BA91}" = Brother HL-3070CW
"{460B7EDA-9425-471B-AC11-C2E80049DEB4}" = TouchCopy 09
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9320CW
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CA}" = WinZip 16.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"401(k) Easy" = 401(k) Easy
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"avast" = avast! Free Antivirus
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS USB WIA Driver" = EOS USB WIA Driver
"EOS Utility" = Canon Utilities EOS Utility
"Football Playbook v007" = Football Playbook v007
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"OnlineArmor_is1" = Online Armor 5.5
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"TVWiz" = Intel® TV Wizard
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.2.0.952
"JoinMe" = join.me
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/6/2012 11:32:57 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:32:57.523]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:33:32 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:33:32.678]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:34:16 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:34:16.305]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:34:55 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:34:55.591]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:35:32 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:35:32.177]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:36:15 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:36:15.354]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:36:50 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:36:50.473]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:37:25 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:37:25.625]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:38:00 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:38:00.814]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
Error - 12/6/2012 11:38:36 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:38:36.184]: [00004072]: GetDeviceIpAddress:
GetAddressByName [bRW5CAC4CB8A17B] Error
[ Media Center Events ]
Error - 2/17/2012 7:20:48 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:20:47 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)
Error - 2/17/2012 8:24:39 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 5:24:38 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)
Error - 2/17/2012 9:28:30 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 6:28:29 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)
Error - 8/31/2012 6:48:17 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:48:08 PM - Error connecting to the internet. 4:48:09 PM - Unable
to contact server..
Error - 9/2/2012 11:35:10 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 9:35:10 AM - Error connecting to the internet. 9:35:10 AM - Unable
to contact server..
Error - 9/2/2012 11:36:30 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 9:35:39 AM - Error connecting to the internet. 9:35:39 AM - Unable
to contact server..
Error - 9/9/2012 6:42:21 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:42:20 PM - Error connecting to the internet. 4:42:20 PM - Unable
to contact server..
Error - 9/9/2012 6:42:56 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:42:50 PM - Error connecting to the internet. 4:42:50 PM - Unable
to contact server..
Error - 9/9/2012 7:43:45 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 5:43:45 PM - Error connecting to the internet. 5:43:45 PM - Unable
to contact server..
Error - 9/9/2012 7:44:20 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 5:44:15 PM - Error connecting to the internet. 5:44:15 PM - Unable
to contact server..
[ OSession Events ]
Error - 9/18/2011 12:58:23 PM | Computer Name = CRAIG-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 135995
seconds with 480 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11/30/2012 6:24:04 PM | Computer Name = CRAIG-PC | Source = DCOM | ID = 10010
Description =
Error - 12/3/2012 2:52:26 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 12/3/2012 7:49:15 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HomeGroupListener service.
Error - 12/4/2012 10:35:48 AM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 12/4/2012 5:04:15 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2
Error - 12/4/2012 5:05:39 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0
Error - 12/4/2012 5:06:12 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 12/4/2012 11:55:49 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.
Error - 12/5/2012 11:13:27 AM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.
Error - 12/5/2012 4:55:19 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.
< End of report >
-
Here is the first OTL file:
OTL logfile created on: 12/6/2012 8:14:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CRAIG\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.46 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 55.58% Memory free
6.91 Gb Paging File | 5.08 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.07 Gb Total Space | 82.73 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Computer Name: CRAIG-PC | User Name: CRAIG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\CRAIG\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll ()
MOD - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll ()
MOD - C:\Windows\System32\wxvault.dll ()
MOD - C:\Windows\System32\Wavx_ESC_Logging.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll ()
========== Services (SafeList) ==========
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
========== Driver Services (SafeList) ==========
DRV - (sbapifs) -- system32\DRIVERS\sbapifs.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found
DRV - (mbr) -- C:\Users\CRAIG\AppData\Local\Temp\mbr.sys File not found
DRV - (catchme) -- C:\Users\CRAIG\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\CRAIG\AppData\Local\Temp\aswMBR.sys File not found
DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Emsisoft)
DRV - (oahlpXX) -- C:\Windows\System32\drivers\oahlp32.sys ()
DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)
DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2525ADB0-4794-4F41-BA96-EEEE08B66B25}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes\{064CE71C-B002-46AC-8BF2-38AA2FD3B510}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20110901&iesrc={referrer:source}
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: vhixznmnss@vhixznmnss.org:2.5
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/19 10:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 14:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 14:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/30 11:16:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012/02/23 11:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Extensions
[2012/11/21 19:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions
[2009/07/13 16:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\vhixznmnss@vhixznmnss.org.xpi
[2012/10/27 14:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/19 10:29:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/10/27 14:41:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/27 08:11:19 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2012/09/10 07:18:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 09:41:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\
CHR - Extension: YouTube = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/11/21 12:24:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..Trusted Domains: schwabintsitutional.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..Trusted Domains: wallst.com ([*.sim] * in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.118.220.37 66.118.220.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}: DhcpNameServer = 66.118.220.37 66.118.220.38
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/12/06 08:10:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CRAIG\Desktop\OTL.exe
[2012/12/05 14:39:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\CRAIG\Desktop\dds.com
[2012/12/05 14:37:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\CRAIG\Desktop\aswMBR (1).exe
[2012/12/05 14:08:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/11/27 08:55:33 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\Macromedia
[2012/11/22 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{D4DF8825-ABC1-4DA0-B1D5-8129B2AF3F61}
[2012/11/22 09:56:37 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Roaming\Roxio Log Files
[2012/11/22 09:45:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/22 09:43:52 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Roaming\OnlineArmor
[2012/11/22 09:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2012/11/22 09:42:30 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2012/11/22 09:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2012/11/22 09:42:29 | 000,031,768 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2012/11/22 09:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2012/11/22 09:14:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/21 22:04:00 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Roaming\Malwarebytes
[2012/11/21 22:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/21 22:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/21 22:03:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/21 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/21 21:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/21 09:45:43 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\temp
[2012/11/20 22:53:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs
[2012/11/20 20:42:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/20 20:42:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/19 15:20:27 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{F56D79DB-4B6C-4056-A91B-2D8440F3D8E1}
[2012/11/19 12:45:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/19 10:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/19 10:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/19 10:30:46 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/11/19 10:30:46 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/11/19 10:30:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/11/19 10:30:37 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/11/19 10:30:35 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/11/19 10:30:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/11/19 10:29:05 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/19 10:29:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/11/19 10:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/19 10:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/16 10:04:13 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{6D23612F-138F-456F-96BA-A0AB5C528A9E}
[2012/11/06 10:18:39 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{57324580-4267-4FC3-9EF8-B1AE015904D6}
[2011/10/26 19:38:11 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\CRAIG\AppData\Local\log4cxx.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/12/06 08:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CRAIG\Desktop\OTL.exe
[2012/12/06 07:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 07:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/05 19:43:30 | 000,000,512 | ---- | M] () -- C:\Users\CRAIG\Desktop\MBR.dat
[2012/12/05 14:39:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\CRAIG\Desktop\dds.com
[2012/12/05 14:38:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\CRAIG\Desktop\aswMBR (1).exe
[2012/12/05 13:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/04 14:30:51 | 000,000,363 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/12/04 14:30:48 | 000,000,000 | ---- | M] () -- C:\Users\CRAIG\AppData\Local\WavXMapDrive.bat
[2012/12/04 14:13:17 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 14:13:17 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 14:04:15 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/12/04 12:30:03 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/04 09:54:21 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/12/02 22:44:06 | 000,044,909 | ---- | M] () -- C:\Users\CRAIG\Desktop\sales nov 29.pdf
[2012/12/01 00:15:16 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/28 09:02:43 | 000,709,507 | ---- | M] () -- C:\Users\CRAIG\Desktop\2011 Federal Client Copy Return for Arnwine.pdf
[2012/11/27 13:37:10 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/27 13:37:10 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/23 10:04:14 | 000,031,768 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2012/11/23 10:04:12 | 000,027,648 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2012/11/23 10:02:31 | 000,044,992 | ---- | M] () -- C:\Windows\System32\drivers\oahlp32.sys
[2012/11/23 09:59:49 | 000,208,320 | ---- | M] () -- C:\Windows\System32\drivers\OADriver.sys
[2012/11/22 10:56:29 | 000,317,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/22 09:57:24 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/11/22 09:46:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/21 22:56:51 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/11/21 22:03:48 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/21 12:24:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/19 10:34:34 | 000,002,221 | ---- | M] () -- C:\Users\CRAIG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/19 10:30:48 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/19 10:30:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/19 09:22:14 | 407,603,165 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/05 19:43:30 | 000,000,512 | ---- | C] () -- C:\Users\CRAIG\Desktop\MBR.dat
[2012/12/04 14:04:15 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/12/02 22:44:03 | 000,044,909 | ---- | C] () -- C:\Users\CRAIG\Desktop\sales nov 29.pdf
[2012/11/28 09:02:14 | 000,709,507 | ---- | C] () -- C:\Users\CRAIG\Desktop\2011 Federal Client Copy Return for Arnwine.pdf
[2012/11/22 09:57:24 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/11/22 09:46:58 | 000,094,208 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\common_functions.dll
[2012/11/22 09:42:30 | 000,044,992 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2012/11/22 09:42:29 | 000,208,320 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012/11/21 22:35:33 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/11/21 22:03:48 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/19 10:34:34 | 000,002,322 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/19 10:34:34 | 000,002,221 | ---- | C] () -- C:\Users\CRAIG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/19 10:30:48 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/16 03:03:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 03:01:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/06/21 14:33:58 | 000,000,000 | ---- | C] () -- C:\Users\CRAIG\AppData\Roaming\bibstats
[2012/04/03 20:21:46 | 000,157,440 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/17 14:37:25 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BD9320CW.DAT
[2012/01/17 14:34:22 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/09/02 04:08:50 | 000,102,400 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\ie_runner_app.exe
[2011/08/22 14:08:55 | 000,095,232 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 13:54:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/02 10:42:46 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/02/02 10:42:46 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/02/02 10:42:21 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2011/02/02 10:37:18 | 000,000,363 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/01/07 12:11:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FirmwareRecovery.exe
[2011/01/04 13:17:12 | 000,237,637 | ---- | C] () -- C:\Windows\System32\nbt.exe
[2010/03/19 13:31:47 | 000,000,000 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\WavXMapDrive.bat
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/19 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Broadcom
[2010/07/05 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Canon
[2012/11/22 09:48:33 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\CoffeeCup Software
[2012/02/23 16:42:27 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/09 15:10:55 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\FixTDSS
[2011/08/22 14:08:41 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Flip Video
[2011/09/13 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\GeoVid
[2012/11/22 09:44:02 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\OnlineArmor
[2012/01/17 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\ScanSoft
[2012/05/07 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Thunderbird
[2010/03/19 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Wave Systems Corp
[2012/03/27 08:12:07 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\webex
[2011/08/09 13:14:56 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\WheelBarrow Software Inc
[2012/02/15 08:30:13 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Windows Live Writer
[2012/01/17 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Zeon
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2010/01/15 12:36:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\CRAIG\Desktop\joe card.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\CRAIG\Desktop\champs picture.jpg:Roxio EMC Stream
< End of report >
-
-
When I right-click on dds, I do not get a "run as admin" option. When I do try to run it, it freezes.
-
Jeff,
It's back. Let's take a look and see I guess. I will try to find operating disks this evening.
Thanks
-
Jeff,
Satisfied! Thank you
-
It's running well. I'm on a much slower connection at my house vs. office, and I don't run near as many apps. However, everything appears fine!
I was only (erroneously) using Microsoft Security Essentials. Now running avast as well. What would you recommend I use with those?
-
The second found 3 threats and they were deleted. However, it did not give a log. Two were html.canadian pharmacy?
-
Done.
Here is the log from the first. Found nothing.
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.22.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CRAIG :: CRAIG-PC [administrator]
11/21/2012 10:05:08 PM
mbam-log-2012-11-21 (22-05-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225772
Time elapsed: 8 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Jeff, I think we got it! Running good and no redirect.
Here is the log:
# AdwCleaner v2.008 - Logfile created 11/21/2012 at 19:12:43
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : CRAIG - CRAIG-PC
# Boot Mode : Normal
# Running from : C:\Users\CRAIG\Downloads\AdwCleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billeo.lnk
File Deleted : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free_TV_Bar_c3
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\CRAIG\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\CRAIG\AppData\LocalLow\Billeo
Folder Deleted : C:\Users\CRAIG\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CRAIG\AppData\LocalLow\Free_TV_Bar_c3
Folder Deleted : C:\Users\CRAIG\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
Folder Deleted : C:\Users\CRAIG\Documents\Billeo
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Free_TV_Bar_c3
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\Software\Billeo
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ExplrBar
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ExplrBar.1
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ToolBar
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ToolBar.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D0C15E-16CF-434C-94DA-8EB24BD5D399}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94510F77-E53C-4273-BD91-77AA8909902F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\IEExtn.BilleoToolbarCommand
Key Deleted : HKLM\SOFTWARE\Classes\IEExtn.BilleoToolbarCommand.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2399412
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D0D64E3C-4B40-3020-B26E-0AB9B12B38A9}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Free_TV_Bar_c3
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85D0C15E-16CF-434C-94DA-8EB24BD5D399}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_TV_Bar_c3 Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{6576EBAA-B570-4345-98E4-96153C77CF24}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\prefs.js
C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");
-\\ Google Chrome v [unable to get version]
File : C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [7113 octets] - [21/11/2012 18:53:51]
AdwCleaner[R2].txt - [7173 octets] - [21/11/2012 19:12:02]
AdwCleaner[s1].txt - [7208 octets] - [21/11/2012 19:12:43]
########## EOF - C:\AdwCleaner[s1].txt - [7268 octets] ##########
-
Thanks Jeff,
Here is the log.
# AdwCleaner v2.008 - Logfile created 11/21/2012 at 18:53:51
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : CRAIG - CRAIG-PC
# Boot Mode : Normal
# Running from : C:\Users\CRAIG\Downloads\AdwCleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billeo.lnk
File Found : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free_TV_Bar_c3
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\CRAIG\AppData\Local\Ilivid Player
Folder Found : C:\Users\CRAIG\AppData\LocalLow\Billeo
Folder Found : C:\Users\CRAIG\AppData\LocalLow\Conduit
Folder Found : C:\Users\CRAIG\AppData\LocalLow\Free_TV_Bar_c3
Folder Found : C:\Users\CRAIG\AppData\LocalLow\PriceGong
Folder Found : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
Folder Found : C:\Users\CRAIG\Documents\Billeo
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\CompeteInc
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Free_TV_Bar_c3
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\Software\Billeo
Key Found : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ExplrBar
Key Found : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ExplrBar.1
Key Found : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ToolBar
Key Found : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ToolBar.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85D0C15E-16CF-434C-94DA-8EB24BD5D399}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94510F77-E53C-4273-BD91-77AA8909902F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Found : HKLM\SOFTWARE\Classes\IEExtn.BilleoToolbarCommand
Key Found : HKLM\SOFTWARE\Classes\IEExtn.BilleoToolbarCommand.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2399412
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D0D64E3C-4B40-3020-B26E-0AB9B12B38A9}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Free_TV_Bar_c3
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85D0C15E-16CF-434C-94DA-8EB24BD5D399}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free_TV_Bar_c3 Toolbar
Key Found : HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{6576EBAA-B570-4345-98E4-96153C77CF24}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\prefs.js
Found : user_pref("browser.search.defaultenginename", "Search Results");
Found : user_pref("browser.search.order.1", "Search Results");
-\\ Google Chrome v [unable to get version]
File : C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [6984 octets] - [21/11/2012 18:53:51]
########## EOF - C:\AdwCleaner[R1].txt - [7044 octets] ##########
-
Hey Jeff,
Everything seems to be running faster. I still have a redirect on Firefox. Also, when the machine rebooted it said there was an error in removing the Upromise toolbar.
Here is the log:
ComboFix 12-11-21.01 - CRAIG 11/21/2012 12:11:08.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3539.1525 [GMT -7:00]
Running from: c:\users\CRAIG\Desktop\ComboFix.exe
Command switches used :: c:\users\CRAIG\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\free_tv_bar_c3\tbFree.dll
c:\program files\upromise\upromisetoolbar.dll
c:\users\craig\appdata\roaming\Cyelm
c:\users\craig\appdata\roaming\Muwao
c:\users\craig\appdata\roaming\Pyow
c:\users\craig\appdata\roaming\Pyow\padog.gaq
c:\windows\system32\logs\log-00003.xml
c:\windows\system32\logs . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
.
.
2012-11-21 19:22 . 2012-11-21 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-21 16:45 . 2012-11-21 19:25 -------- d-----w- c:\users\CRAIG\AppData\Local\temp
2012-11-21 05:53 . 2012-11-21 19:24 -------- d-----w- c:\windows\system32\Logs
2012-11-21 02:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{547CEB22-0816-4932-8843-11D408533927}\mpengine.dll
2012-11-20 19:08 . 2012-11-20 19:08 -------- d-----w- c:\program files\Common Files\Java
2012-11-20 19:08 . 2012-11-20 19:07 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-20 19:07 . 2012-11-20 19:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-20 18:55 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-19 17:30 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-19 17:30 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-19 17:30 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-19 17:30 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-19 17:30 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-19 17:30 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-19 17:29 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-19 17:29 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-19 17:28 . 2012-11-19 17:28 -------- d-----w- c:\programdata\AVAST Software
2012-11-19 17:28 . 2012-11-19 17:28 -------- d-----w- c:\program files\AVAST Software
2012-11-16 10:02 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 10:02 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 10:02 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 10:02 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 10:02 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 10:02 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 10:02 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 10:02 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 10:02 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 16:07 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 16:07 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 16:07 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 16:07 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 16:07 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 16:07 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 16:07 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 16:07 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 16:07 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 16:07 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 16:07 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 16:07 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-30 18:16 . 2012-11-21 17:13 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 19:24 . 2010-03-19 20:31 0 ----a-w- c:\users\CRAIG\AppData\Local\WavXMapDrive.bat
2012-11-20 19:07 . 2010-04-18 16:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-28 15:00 . 2012-10-20 17:52 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A01E92D-E9F0-4A19-80BB-290C7B1301A7}\gapaengine.dll
2012-09-28 15:00 . 2012-06-13 15:31 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-21 04:38 . 2011-09-01 19:12 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 04:38 . 2010-11-17 20:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-14 18:28 . 2012-10-10 05:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-10 14:26 . 2010-11-17 20:25 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-10 14:26 . 2010-11-17 20:25 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-10 14:25 . 2011-09-01 19:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-10 14:25 . 2010-11-17 20:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-02 17:08 . 2011-10-02 23:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-02 16:37 . 2010-12-10 15:23 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-31 17:18 . 2012-10-10 05:00 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 04:03 . 2012-08-31 04:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 04:03 . 2010-10-25 04:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:12 . 2012-10-10 05:00 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 05:00 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 05:00 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-27 21:41 . 2012-10-27 21:40 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 00:41 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2011-08-04 267584]
"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2011-09-02 279896]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2012-05-16 915248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-10-06 1826816]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-07-27 134656]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-08-14 15872]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-03-14 2215768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Billeo.lnk - c:\program files\Billeo\billeo.exe [N/A]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1245472]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-6-5 5982040]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-6-5 1176464]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2009\QBW32.EXE [2012-6-5 1181584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [x]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [x]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [x]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 21:52]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: schwabintsitutional.com
Trusted Zone: wallst.com\*.sim
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-19 10:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2270400815-616284404-3630716744-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2270400815-616284404-3630716744-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(3252)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\conhost.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-21 12:30:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-21 19:30
ComboFix2.txt 2012-11-21 16:53
ComboFix3.txt 2012-11-21 15:50
ComboFix4.txt 2012-11-21 06:01
.
Pre-Run: 84,321,107,968 bytes free
Post-Run: 84,269,613,056 bytes free
.
- - End Of File - - 5322CB59EDFD83B6A52E8836DF1C8099
Need to remove Fast Free Converter
in Resolved Malware Removal Logs