
Jeffce - Zeroaccess infection



Hi....be sure to Follow this Topic so that you get the responses. :)

Please download DDS from either of these links

LINK 1

LINK 2

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click dds and choose Run as Administrator to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt

----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

[Image: aswmbrscan.jpg]

----------


So far I am not seeing anything...let's get a couple different looks.

OTL

  • Download OTL to your desktop.
  • Right-click the icon and choose Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in
    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

----------

AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------

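The OTL quick scan requested above prints its process, module, service and driver findings as PRC/MOD/SRV/DRV lines in a fixed format, with either a company name in parentheses or a trailing "File not found". The following is an added example, not part of this thread and not code from OTL or its author, showing how a helper can parse those lines and bucket them for review. The sample lines are copied verbatim from the OTL log posted later in this thread; the line format is inferred from that log, and the `Entry`, `parse_otl` and `triage` names are the example's own.

```python
"""Parser for OTL PRC/MOD/SRV/DRV log lines with a small triage summary.

Added example for this thread; the line format is inferred from the log
posted by the user, not taken from OTL's documentation.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
========== Driver Services (SafeList) ==========
DRV - (aswMBR) -- C:\Users\CRAIG\AppData\Local\Temp\aswMBR.sys File not found
DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
========== Processes (SafeList) ==========
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# PRC/MOD lines carry only a path; SRV/DRV lines start with "(name) -- ".
ENTRY_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?:\((?P<name>[^)]*)\) -- )?(?P<rest>.+)$")
# Greedy path so a "(1)" inside a file name does not get taken for the company.
PATH_COMPANY_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")
MISSING = " File not found"


@dataclass
class Entry:
    section: str
    kind: str               # PRC, MOD, SRV or DRV
    name: Optional[str]     # service/driver name; None for PRC and MOD lines
    path: str
    company: Optional[str]  # None when the file is missing; "" when OTL found no company name
    exists: bool


def parse_otl(text: str) -> List[Entry]:
    """Turn PRC/MOD/SRV/DRV lines into Entry records, tracking the section header."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # other OTL line types (IE, FF, O4 ...) are out of scope here
        rest = m.group("rest")
        if rest.endswith(MISSING):
            entries.append(Entry(section, m.group("kind"), m.group("name"),
                                 rest[: -len(MISSING)], None, False))
            continue
        pc = PATH_COMPANY_RE.match(rest)
        if not pc:
            continue
        entries.append(Entry(section, m.group("kind"), m.group("name"),
                             pc.group("path"), pc.group("company").strip(), True))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket entries the way a helper skims a log.

    'missing': registrations whose file is gone (often leftovers of uninstalled
    or temporary tools).
    'no_company': files present but with no company name in their version info;
    legitimate software lands here too, so it is a review queue, not a verdict.
    'temp_dir': anything registered from a user's Temp folder.
    """
    out: Dict[str, List[str]] = {"missing": [], "no_company": [], "temp_dir": []}
    for e in entries:
        label = e.name or e.path
        if not e.exists:
            out["missing"].append(label)
        elif e.company == "":
            out["no_company"].append(label)
        if "\\AppData\\Local\\Temp\\" in e.path:
            out["temp_dir"].append(label)
    return out


if __name__ == "__main__":
    for bucket, items in triage(parse_otl(SAMPLE_LOG)).items():
        print(f"{bucket}: {items}")
```

The buckets are only a reading order: in the log below, Online Armor's own OADriver.sys shows an empty company field and the aswMBR helper tool's temporary driver shows up as a missing file, so every item still needs a human look before anything is removed.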

Here is the first OTL file:

OTL logfile created on: 12/6/2012 8:14:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CRAIG\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 55.58% Memory free

6.91 Gb Paging File | 5.08 Gb Available in Paging File | 73.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.07 Gb Total Space | 82.73 Gb Free Space | 35.65% Space Free | Partition Type: NTFS

Computer Name: CRAIG-PC | User Name: CRAIG | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CRAIG\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)

PRC - C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)

PRC - C:\Program Files\Online Armor\oahlp.exe (Emsisoft GmbH)

PRC - C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

PRC - C:\Program Files\QuickTime\QuickTimePlayer.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)

PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)

PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

PRC - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll ()

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libegl.dll ()

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()

MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

MOD - C:\Program Files\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll ()

MOD - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll ()

MOD - C:\Windows\System32\wxvault.dll ()

MOD - C:\Windows\System32\Wavx_ESC_Logging.dll ()

MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()

MOD - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll ()

========== Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found

SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\OAsrv.exe (Emsisoft GmbH)

SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)

SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)

SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)

SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)

SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

========== Driver Services (SafeList) ==========

DRV - (sbapifs) -- system32\DRIVERS\sbapifs.sys File not found

DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found

DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found

DRV - (mbr) -- C:\Users\CRAIG\AppData\Local\Temp\mbr.sys File not found

DRV - (catchme) -- C:\Users\CRAIG\AppData\Local\Temp\catchme.sys File not found

DRV - (aswMBR) -- C:\Users\CRAIG\AppData\Local\Temp\aswMBR.sys File not found

DRV - (OAnet) -- C:\Windows\System32\drivers\OAnet.sys (Emsisoft)

DRV - (OAmon) -- C:\Windows\System32\drivers\OAmon.sys (Emsisoft)

DRV - (oahlpXX) -- C:\Windows\System32\drivers\oahlp32.sys ()

DRV - (OADevice) -- C:\Windows\System32\drivers\OADriver.sys ()

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)

DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)

DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)

DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)

DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)

DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation)

DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{2525ADB0-4794-4F41-BA96-EEEE08B66B25}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes\{064CE71C-B002-46AC-8BF2-38AA2FD3B510}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20110901&iesrc={referrer:source}

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - prefs.js..extensions.enabledAddons: vhixznmnss@vhixznmnss.org:2.5

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/19 10:29:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 14:41:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 14:40:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/30 11:16:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/02/23 11:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Extensions

[2012/11/21 19:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions

[2009/07/13 16:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\vhixznmnss@vhixznmnss.org.xpi

[2012/10/27 14:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/11/19 10:29:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/10/27 14:41:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/03/27 08:11:19 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

[2012/09/10 07:18:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/14 09:41:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: WOT = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.12_0\

CHR - Extension: YouTube = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: Gmail = C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/21 12:24:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found

O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)

O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..Trusted Domains: schwabintsitutional.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2270400815-616284404-3630716744-1000\..Trusted Domains: wallst.com ([*.sim] * in Trusted sites)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.118.220.37 66.118.220.38

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB33C30-1CBB-40AB-A4A7-AE8AEF573132}: DhcpNameServer = 66.118.220.37 66.118.220.38

O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)

O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 08:10:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CRAIG\Desktop\OTL.exe

[2012/12/05 14:39:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\CRAIG\Desktop\dds.com

[2012/12/05 14:37:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\CRAIG\Desktop\aswMBR (1).exe

[2012/12/05 14:08:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

[2012/11/27 08:55:33 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\Macromedia

[2012/11/22 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{D4DF8825-ABC1-4DA0-B1D5-8129B2AF3F61}

[2012/11/22 09:56:37 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Roaming\Roxio Log Files

[2012/11/22 09:45:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/11/22 09:43:52 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Roaming\OnlineArmor

[2012/11/22 09:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor

[2012/11/22 09:42:30 | 000,027,648 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys

[2012/11/22 09:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor

[2012/11/22 09:42:29 | 000,031,768 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys

[2012/11/22 09:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor

[2012/11/22 09:14:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/11/21 22:04:00 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Roaming\Malwarebytes

[2012/11/21 22:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/11/21 22:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/11/21 22:03:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/11/21 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/11/21 21:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/11/21 09:45:43 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\temp

[2012/11/20 22:53:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Logs

[2012/11/20 20:42:16 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/11/20 20:42:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/11/19 15:20:27 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{F56D79DB-4B6C-4056-A91B-2D8440F3D8E1}

[2012/11/19 12:45:40 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/11/19 10:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/11/19 10:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/11/19 10:30:46 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2012/11/19 10:30:46 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2012/11/19 10:30:38 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2012/11/19 10:30:37 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2012/11/19 10:30:35 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2012/11/19 10:30:30 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2012/11/19 10:29:05 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/11/19 10:29:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2012/11/19 10:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/11/19 10:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/11/16 10:04:13 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{6D23612F-138F-456F-96BA-A0AB5C528A9E}

[2012/11/06 10:18:39 | 000,000,000 | ---D | C] -- C:\Users\CRAIG\AppData\Local\{57324580-4267-4FC3-9EF8-B1AE015904D6}

[2011/10/26 19:38:11 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\CRAIG\AppData\Local\log4cxx.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/06 08:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CRAIG\Desktop\OTL.exe

[2012/12/06 07:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/06 07:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/05 19:43:30 | 000,000,512 | ---- | M] () -- C:\Users\CRAIG\Desktop\MBR.dat

[2012/12/05 14:39:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\CRAIG\Desktop\dds.com

[2012/12/05 14:38:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\CRAIG\Desktop\aswMBR (1).exe

[2012/12/05 13:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/04 14:30:51 | 000,000,363 | ---- | M] () -- C:\Windows\Brownie.ini

[2012/12/04 14:30:48 | 000,000,000 | ---- | M] () -- C:\Users\CRAIG\AppData\Local\WavXMapDrive.bat

[2012/12/04 14:13:17 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/04 14:13:17 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/04 14:04:15 | 000,001,024 | ---- | M] () -- C:\.rnd

[2012/12/04 12:30:03 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/04 09:54:21 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012/12/02 22:44:06 | 000,044,909 | ---- | M] () -- C:\Users\CRAIG\Desktop\sales nov 29.pdf

[2012/12/01 00:15:16 | 000,002,322 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/11/28 09:02:43 | 000,709,507 | ---- | M] () -- C:\Users\CRAIG\Desktop\2011 Federal Client Copy Return for Arnwine.pdf

[2012/11/27 13:37:10 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/11/27 13:37:10 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/11/23 10:04:14 | 000,031,768 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys

[2012/11/23 10:04:12 | 000,027,648 | ---- | M] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys

[2012/11/23 10:02:31 | 000,044,992 | ---- | M] () -- C:\Windows\System32\drivers\oahlp32.sys

[2012/11/23 09:59:49 | 000,208,320 | ---- | M] () -- C:\Windows\System32\drivers\OADriver.sys

[2012/11/22 10:56:29 | 000,317,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/11/22 09:57:24 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI

[2012/11/22 09:46:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/11/21 22:56:51 | 000,001,441 | ---- | M] () -- C:\scu.dat

[2012/11/21 22:03:48 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/21 12:24:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/11/19 10:34:34 | 000,002,221 | ---- | M] () -- C:\Users\CRAIG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/11/19 10:30:48 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/11/19 10:30:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012/11/19 09:22:14 | 407,603,165 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/05 19:43:30 | 000,000,512 | ---- | C] () -- C:\Users\CRAIG\Desktop\MBR.dat

[2012/12/04 14:04:15 | 000,001,024 | ---- | C] () -- C:\.rnd

[2012/12/02 22:44:03 | 000,044,909 | ---- | C] () -- C:\Users\CRAIG\Desktop\sales nov 29.pdf

[2012/11/28 09:02:14 | 000,709,507 | ---- | C] () -- C:\Users\CRAIG\Desktop\2011 Federal Client Copy Return for Arnwine.pdf

[2012/11/22 09:57:24 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI

[2012/11/22 09:46:58 | 000,094,208 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\common_functions.dll

[2012/11/22 09:42:30 | 000,044,992 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys

[2012/11/22 09:42:29 | 000,208,320 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys

[2012/11/21 22:35:33 | 000,001,441 | ---- | C] () -- C:\scu.dat

[2012/11/21 22:03:48 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/19 10:34:34 | 000,002,322 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/11/19 10:34:34 | 000,002,221 | ---- | C] () -- C:\Users\CRAIG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/11/19 10:30:48 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/11/16 03:03:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/16 03:01:59 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/06/21 14:33:58 | 000,000,000 | ---- | C] () -- C:\Users\CRAIG\AppData\Roaming\bibstats

[2012/04/03 20:21:46 | 000,157,440 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2012/01/17 14:37:25 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BD9320CW.DAT

[2012/01/17 14:34:22 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini

[2011/09/02 04:08:50 | 000,102,400 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\ie_runner_app.exe

[2011/08/22 14:08:55 | 000,095,232 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/02 13:54:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/02/02 10:42:46 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI

[2011/02/02 10:42:46 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini

[2011/02/02 10:42:21 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI

[2011/02/02 10:37:18 | 000,000,363 | ---- | C] () -- C:\Windows\Brownie.ini

[2011/01/07 12:11:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FirmwareRecovery.exe

[2011/01/04 13:17:12 | 000,237,637 | ---- | C] () -- C:\Windows\System32\nbt.exe

[2010/03/19 13:31:47 | 000,000,000 | ---- | C] () -- C:\Users\CRAIG\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/19 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Broadcom

[2010/07/05 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Canon

[2012/11/22 09:48:33 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\CoffeeCup Software

[2012/02/23 16:42:27 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/12/09 15:10:55 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\FixTDSS

[2011/08/22 14:08:41 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Flip Video

[2011/09/13 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\GeoVid

[2012/11/22 09:44:02 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\OnlineArmor

[2012/01/17 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\ScanSoft

[2012/05/07 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Thunderbird

[2010/03/19 13:31:47 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Wave Systems Corp

[2012/03/27 08:12:07 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\webex

[2011/08/09 13:14:56 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\WheelBarrow Software Inc

[2012/02/15 08:30:13 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Windows Live Writer

[2012/01/17 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\CRAIG\AppData\Roaming\Zeon

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2010/01/15 12:36:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe

[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2010/01/15 12:36:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2010/01/15 12:36:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[2010/01/15 12:36:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe

[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\CRAIG\Desktop\joe card.JPG:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\CRAIG\Desktop\champs picture.jpg:Roxio EMC Stream

< End of report >

Second OTL file:

OTL Extras logfile created on: 12/6/2012 8:14:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CRAIG\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 55.58% Memory free

6.91 Gb Paging File | 5.08 Gb Available in Paging File | 73.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 232.07 Gb Total Space | 82.73 Gb Free Space | 35.65% Space Free | Partition Type: NTFS

Computer Name: CRAIG-PC | User Name: CRAIG | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01849879-10C3-43A6-BCED-34484722FD29}" = rport=138 | protocol=17 | dir=out | app=system |

"{097B81AD-047A-4CEB-B56E-158A515EDFD8}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |

"{0F025ABF-82A6-45DA-ADFA-5F5E9BA26DE6}" = lport=139 | protocol=6 | dir=in | app=system |

"{159CB440-4D26-41E8-B0EE-834A2D3821BB}" = rport=139 | protocol=6 | dir=out | app=system |

"{23BE3105-F1B8-4F9A-BA3B-37151A97F137}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25A1F9DF-919F-424A-A9A7-9A672C0C55B2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2FB715C0-E04A-4FB4-97D9-8AE43A0A73BB}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3A726CB9-2803-4285-B295-6A59318D8F5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3AC5ED09-2D32-498B-A943-5EAA42B134EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{47B49FE6-F428-4DB9-92F7-63CF67569C73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4942378F-968F-4834-BD3D-03138A7B6FDA}" = rport=445 | protocol=6 | dir=out | app=system |

"{4A948273-BADF-428D-8D98-E3761AAF5B33}" = lport=10243 | protocol=6 | dir=in | app=system |

"{573F9B37-7119-42AB-B06D-046C0EDDCA40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{580C88D2-C4F2-4EFE-80F3-080088676FD2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{639A5583-FA4E-4A30-8D64-B8B996A44518}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{63F615CC-3C9B-4769-B09C-590DC7667B5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6986D38B-437E-453F-87A8-BAB2D48D92BE}" = rport=10243 | protocol=6 | dir=out | app=system |

"{71A80F8D-0BA7-4623-BDCF-26EB2C656D1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{740EA220-DE2A-46BB-9CB9-1EC9EA29D4F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{76EE72B9-D92D-4A83-96CB-F856D5BF9DCD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{99CD0C4D-63A5-4588-B298-93B8AE105189}" = rport=137 | protocol=17 | dir=out | app=system |

"{A6602296-5BFF-4A63-863E-36604ACA1E52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AC496DCA-8AE6-43F4-8DB3-CE47672772E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{AEFF4D7E-5EC8-4FB0-8C71-81312055F312}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |

"{AF1424D6-A7E0-4167-A357-F8E47CF6EE87}" = lport=445 | protocol=6 | dir=in | app=system |

"{B33A7DC6-D1F7-4BD9-9EA1-EBA6372E884B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{CA63D2F5-9C62-40AF-B311-5B7711341568}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

"{DF5B92D7-77A7-4F15-85FF-1D5A24A68093}" = lport=138 | protocol=17 | dir=in | app=system |

"{E7444156-A458-4FEA-955B-39430C8C760D}" = lport=137 | protocol=17 | dir=in | app=system |

"{FECBD797-D0B6-434F-B959-45D01BB25B1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0124A0D1-E440-4BF1-96A1-AF56B9C17A51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{027C4706-F27D-401C-9AA8-89D3CB02565B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0F5BA4F2-EE77-41F1-A30F-30BBA69F6A42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{22B4A4AF-7A29-4A9A-806A-C191FE72E124}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2CE0F860-8E55-4135-B4DD-5D7A721985CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{33C69D07-0B59-48A6-8C40-9FEF4F05E67A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{3926886C-C327-429F-8439-64D108D28A41}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{420662E0-90C3-483B-AC9C-D86C29A68672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{4D6DDD35-324F-4113-9B60-BB0CEA31C412}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{51F64099-9707-4347-BD8D-24961573DC83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{55B01D97-9578-4084-996F-6C5F039842B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{693027BC-BC22-43B0-85AF-B9C23396463C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6A615607-6E8B-49B2-963D-384909247D0F}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08j\faxrx.exe |

"{706A42DF-A9B2-4E18-9A83-76B0567CBC27}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{7153519A-72AD-48E0-9AD4-70634B2354C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{727841EF-74F9-400E-9FC5-1D17C7DF9094}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{7AC00F1B-09B5-4172-8E85-FE9A67D3F251}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{7D119DC9-CC57-405C-B910-84CD0FC17F8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7F5A6F82-7622-4E6A-8160-EFAEABECE2FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A57293C9-E054-43B0-95C8-7FE7A3CD318C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A9FEC4B0-EBE7-49AB-B2AD-79264A23290D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B358272F-89AF-4099-A671-1753EB018D40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BDD092A5-FC13-4372-ACD5-C6B4224C39CC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D5DEBEED-4838-4602-B493-4CAD051EAD11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D68FECB0-8A77-465A-8477-28530A9328D4}" = protocol=6 | dir=out | app=system |

"{E365A667-6CD1-429E-9B74-BA114BDDD9CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{E4738EAF-BC07-41D5-85ED-30F28E520C42}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{F26BDD44-2FD3-4B3E-A77D-AE4B6EF77747}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08j\faxrx.exe |

"TCP Query User{098D0ACA-3BDA-415B-A374-FFB83B08C002}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{38DDCABD-AEF8-41EC-BBE8-34A368D277DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{4EEAD9CC-5FFF-40FB-A738-02D0E10A07E6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |

"TCP Query User{F1E67C2E-46EC-48F8-A86C-5CE996822848}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{F5405012-5390-42FE-9501-42EB8D818C07}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{FBCE9F70-79D5-479D-A13A-4989BB977693}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{2C847039-C527-46B1-A7FC-7089D2D6DA58}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{557F436E-D692-4EFF-BA3C-4C80CEAB3703}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{56692C11-8F8C-4298-B40A-F580E3816A15}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |

"UDP Query User{973747AA-03C8-4682-B1BD-E0571EA975AB}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{D9F00663-6A24-4B3A-BEB0-CED3767328ED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11

"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"{08C603B3-6023-42FE-B967-1CBB4C7CEBBF}" = Play Designer Series 2012

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012

"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration

"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40B420D0-5B97-4FF9-B5D1-0D839882BA91}" = Brother HL-3070CW

"{460B7EDA-9425-471B-AC11-C2E80049DEB4}" = TouchCopy 09

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes

"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager

"{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9320CW

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack

"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto

"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CA}" = WinZip 16.0

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager

"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin

"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards

"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack

"401(k) Easy" = 401(k) Easy

"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)

"ActiveTouchMeetingClient" = WebEx

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"avast" = avast! Free Antivirus

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)

"DPP" = Canon Utilities Digital Photo Professional 3.4

"EOS USB WIA Driver" = EOS USB WIA Driver

"EOS Utility" = Canon Utilities EOS Utility

"Football Playbook v007" = Football Playbook v007

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup

"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin

"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards

"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)

"MyCamera" = Canon Utilities MyCamera

"OnlineArmor_is1" = Online Armor 5.5

"Original Data Security Tools" = Canon Utilities Original Data Security Tools

"PhotoStitch" = Canon Utilities PhotoStitch

"Picture Style Editor" = Canon Utilities Picture Style Editor

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"TVWiz" = Intel® TV Wizard

"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility

"WinLiveSuite" = Windows Live Essentials

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2270400815-616284404-3630716744-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 5.2.0.952

"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/6/2012 11:32:57 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:32:57.523]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:33:32 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:33:32.678]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:34:16 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:34:16.305]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:34:55 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:34:55.591]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:35:32 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:35:32.177]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:36:15 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:36:15.354]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:36:50 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:36:50.473]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:37:25 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:37:25.625]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:38:00 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:38:00.814]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

Error - 12/6/2012 11:38:36 AM | Computer Name = CRAIG-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/12/06 08:38:36.184]: [00004072]: GetDeviceIpAddress: GetAddressByName [BRW5CAC4CB8A17B] Error

[ Media Center Events ]

Error - 2/17/2012 7:20:48 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:20:47 AM - Failed to retrieve SportsSchedule (Error: Unable to connect to the remote server)

Error - 2/17/2012 8:24:39 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 5:24:38 AM - Failed to retrieve SportsSchedule (Error: Unable to connect to the remote server)

Error - 2/17/2012 9:28:30 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 6:28:29 AM - Failed to retrieve SportsSchedule (Error: Unable to connect to the remote server)

Error - 8/31/2012 6:48:17 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:48:08 PM - Error connecting to the internet. 4:48:09 PM - Unable to contact server..

Error - 9/2/2012 11:35:10 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 9:35:10 AM - Error connecting to the internet. 9:35:10 AM - Unable to contact server..

Error - 9/2/2012 11:36:30 AM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 9:35:39 AM - Error connecting to the internet. 9:35:39 AM - Unable to contact server..

Error - 9/9/2012 6:42:21 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:42:20 PM - Error connecting to the internet. 4:42:20 PM - Unable to contact server..

Error - 9/9/2012 6:42:56 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 4:42:50 PM - Error connecting to the internet. 4:42:50 PM - Unable to contact server..

Error - 9/9/2012 7:43:45 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 5:43:45 PM - Error connecting to the internet. 5:43:45 PM - Unable to contact server..

Error - 9/9/2012 7:44:20 PM | Computer Name = CRAIG-PC | Source = MCUpdate | ID = 0
Description = 5:44:15 PM - Error connecting to the internet. 5:44:15 PM - Unable to contact server..

[ OSession Events ]

Error - 9/18/2011 12:58:23 PM | Computer Name = CRAIG-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 135995 seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 11/30/2012 6:24:04 PM | Computer Name = CRAIG-PC | Source = DCOM | ID = 10010
Description =

Error - 12/3/2012 2:52:26 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error - 12/3/2012 7:49:15 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.

Error - 12/4/2012 10:35:48 AM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error - 12/4/2012 5:04:15 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2

Error - 12/4/2012 5:05:39 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0

Error - 12/4/2012 5:06:12 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 12/4/2012 11:55:49 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error - 12/5/2012 11:13:27 AM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error - 12/5/2012 4:55:19 PM | Computer Name = CRAIG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

< End of report >

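The firewall-rule section at the top of the OTL log above is a flat dump, and the thing a reviewer actually wants from it is a short list of which binaries hold inbound allow rules and which of those rules were created from the Windows Firewall "allow access" prompt (Windows names such rules `TCP Query User{GUID}<path>` / `UDP Query User{GUID}<path>`; installer rules carry only the GUID). The Python below is an added triage example written for this page, not OTL's code and not part of the thread; it parses six lines copied verbatim from the listing above (no rules invented) and summarises them. Protocol numbers are the IANA values OTL prints (6 = TCP, 17 = UDP, 1 = ICMPv4); a rule with no `protocol=` field applies to any protocol.

```python
import re
from collections import defaultdict

# Six lines copied verbatim from the OTL "Firewall Rules" listing posted in this thread,
# used here as the sample input (no invented rules).
SAMPLE_RULES = r'''
"{D68FECB0-8A77-465A-8477-28530A9328D4}" = protocol=6 | dir=out | app=system |
"{E4738EAF-BC07-41D5-85ED-30F28E520C42}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E365A667-6CD1-429E-9B74-BA114BDDD9CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{098D0ACA-3BDA-415B-A374-FFB83B08C002}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D9F00663-6A24-4B3A-BEB0-CED3767328ED}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4EEAD9CC-5FFF-40FB-A738-02D0E10A07E6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
'''

# IANA protocol numbers as OTL prints them; a rule with no protocol= field applies to any protocol.
PROTOCOLS = {"6": "TCP", "17": "UDP", "1": "ICMPv4"}

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rules(text):
    """Parse OTL firewall-rule lines into dicts: name, dir, proto, app, user_prompt."""
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip()] = value.strip()
        proto_num = fields.get("protocol")
        name = m.group("name")
        rules.append({
            "name": name,
            # Windows Firewall names rules this way when they are created from the
            # "Windows Security Alert" prompt, i.e. someone (or something driving the UI)
            # clicked Allow; installer/vendor rules carry only the GUID.
            "user_prompt": name.startswith(("TCP Query User", "UDP Query User")),
            "dir": fields.get("dir", "?"),
            "proto": "any" if proto_num is None else PROTOCOLS.get(proto_num, proto_num),
            # Rules without app= are matched by display name (e.g. @firewallapi.dll,-28544).
            "app": fields.get("app", fields.get("name", "")).lower(),
        })
    return rules


def inbound_by_app(rules):
    """Map each application that has an inbound allow rule to the protocols it may receive."""
    protos = defaultdict(set)
    for rule in rules:
        if rule["dir"] == "in":
            protos[rule["app"]].add(rule["proto"])
    return {app: sorted(p) for app, p in protos.items()}


def prompt_created_apps(rules):
    """Applications whose rules came from the firewall prompt rather than an installer."""
    return sorted({rule["app"] for rule in rules if rule["user_prompt"]})


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for app, protos in inbound_by_app(parsed).items():
        print(f"inbound {','.join(protos):<8} {app}")
    print("created from the Allow prompt:", prompt_created_apps(parsed))
```

Run it against the whole "Firewall Rules" block of an OTL log (paste it into `SAMPLE_RULES` or read it from the saved OTL.txt) and compare the inbound list with what the machine actually needs to serve; inbound allows for shells and system binaries that never listen are the ones worth explaining, whether they turn out to be a user clicking through a prompt or something else.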

Here is the one from AdwCleaner:

# AdwCleaner v2.011 - Logfile created 12/06/2012 at 08:45:25

# Updated 02/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : CRAIG - CRAIG-PC

# Boot Mode : Normal

# Running from : C:\Users\CRAIG\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\CRAIG\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7113 octets] - [21/11/2012 18:53:51]

AdwCleaner[R2].txt - [7173 octets] - [21/11/2012 19:12:02]

AdwCleaner[R3].txt - [955 octets] - [06/12/2012 08:45:25]

AdwCleaner[S1].txt - [7337 octets] - [21/11/2012 19:12:43]

########## EOF - C:\AdwCleaner[R3].txt - [1074 octets] ##########


OK, that is what I suspected...

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
FF - prefs.js..extensions.enabledAddons: vhixznmnss@vhixznmnss.org:2.5
[2009/07/13 16:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\vhixznmnss@vhixznmnss.org.xpi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Post the new OTL log and let me know how your system is running. :)

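The fix script above removes a Firefox add-on by the id OTL found in `extensions.enabledAddons` together with its `.xpi` under the profile's `extensions` folder. The Python below is an added triage example written for this page (not OTL's code and not something the helper posted) that does the same check in the other direction on a Firefox profile of that era: parse `extensions.enabledAddons` from `prefs.js`, confirm whether each id's `.xpi` or unpacked folder is actually present, and flag ids shaped like the one in the log (`<token>@<token>.org` with one random-looking token reused as the domain). The heuristic, the constructed sample `prefs.js` (the id from the log paired with a made-up `addon%40example.com`) and the `triage_addons.py` name are assumptions of mine; Firefox percent-encodes the id and version in that pref, so the parser unquotes them, which is a no-op on OTL's already-decoded rendering.

```python
import re
import sys
from pathlib import Path
from urllib.parse import unquote

# Matches the single pref line that lists enabled add-ons as comma-separated "id:version".
ENABLED_ADDONS_RE = re.compile(r'user_pref\("extensions\.enabledAddons",\s*"([^"]*)"\);')

# Constructed sample prefs.js: the first entry is the add-on OTL reported in this thread
# (as OTL rendered it, decoded); the second is a made-up benign id, percent-encoded the way
# Firefox itself writes the pref (@ -> %40), to show both forms parse.
SAMPLE_PREFS_JS = '''
user_pref("extensions.enabledAddons", "vhixznmnss@vhixznmnss.org:2.5,addon%40example.com:1.0");
user_pref("extensions.lastAppVersion", "16.0.2");
'''

# Heuristic (assumption, not proof): <token>@<token>.<tld> where the token is one run of
# 8+ lowercase letters reused as the domain label. Real add-ons usually use a vendor
# domain (different from the local part) or a {GUID} id.
GENERATED_ID_RE = re.compile(r"([a-z]{8,})@\1\.[a-z]{2,}")


def parse_enabled_addons(prefs_text):
    """Return [(addon_id, version), ...] from extensions.enabledAddons, percent-decoded."""
    m = ENABLED_ADDONS_RE.search(prefs_text)
    if not m or not m.group(1):
        return []
    entries = []
    for item in m.group(1).split(","):
        addon_id, sep, version = item.rpartition(":")
        if not sep:                      # entry without a version suffix
            addon_id, version = item, ""
        entries.append((unquote(addon_id), unquote(version)))
    return entries


def looks_generated(addon_id):
    """Triage hint for machine-generated-looking ids; see GENERATED_ID_RE."""
    return GENERATED_ID_RE.fullmatch(addon_id) is not None


def triage_profile(prefs_text, extensions_dir=None):
    """Cross-check the pref against disk: for each enabled add-on report its version,
    whether <extensions_dir>/<id>.xpi or an unpacked <id>/ folder exists (None when no
    directory was given), and whether the id trips the heuristic."""
    report = []
    for addon_id, version in parse_enabled_addons(prefs_text):
        on_disk = None
        if extensions_dir is not None:
            base = Path(extensions_dir)
            on_disk = (base / f"{addon_id}.xpi").is_file() or (base / addon_id).is_dir()
        report.append({"id": addon_id, "version": version,
                       "on_disk": on_disk, "suspicious": looks_generated(addon_id)})
    return report


if __name__ == "__main__":
    # Usage: python triage_addons.py [<profile dir>]; with no argument, run on the sample.
    if len(sys.argv) > 1:
        profile = Path(sys.argv[1])
        text = (profile / "prefs.js").read_text(encoding="utf-8", errors="replace")
        rows = triage_profile(text, profile / "extensions")
    else:
        rows = triage_profile(SAMPLE_PREFS_JS)
    for row in rows:
        flag = "SUSPICIOUS" if row["suspicious"] else "ok"
        print(f"{flag:<10} {row['id']}  v{row['version']}  on_disk={row['on_disk']}")
```

Point it at the profile directory shown in the log (`...\Firefox\Profiles\l75bkxec.default`) while Firefox is closed. An enabled id whose file is missing, or a file present for an id that is not enabled, is as interesting as a flagged name: either way the pref and the disk disagree and something other than the add-on manager has been editing the profile.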

Jeff,

System is running well ... no more redirect. Browsing at normal speeds while running multiple apps.

Here is the log:

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Prefs.js: vhixznmnss@vhixznmnss.org:2.5 removed from extensions.enabledAddons

C:\Users\CRAIG\AppData\Roaming\Mozilla\Firefox\Profiles\l75bkxec.default\extensions\vhixznmnss@vhixznmnss.org.xpi moved successfully.

C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP folder deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\CRAIG\Desktop\cmd.bat deleted successfully.

C:\Users\CRAIG\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CRAIG

->Temp folder emptied: 54978185 bytes

->Temporary Internet Files folder emptied: 94742365 bytes

->Java cache emptied: 5692243 bytes

->FireFox cache emptied: 237214311 bytes

->Google Chrome cache emptied: 394121619 bytes

->Flash cache emptied: 3867048 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 147183 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 2215445770 bytes

Total Files Cleaned = 2,867.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12072012_083927

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OK, good... that was all that I was finding on your system. Unfortunately, those entries are rather tricky and can get on your system even though you may be diligent with your updates and security scans. :) We can all only do the best we can.

-----

Providing there are no other malware related problems...

Clean up with OTL:

  • Right-click and Run as Administrator OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

----------

Anything else left on your system that we just used can be removed by dragging them to the Recycle Bin. :)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
