Posts posted by crease1
ComboFix 12-05-08.01 - Crease 05/08/2012 7:34.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1972 [GMT -5:00]
Running from: c:\users\Crease\Desktop\ComboFix.exe
Command switches used :: c:\users\Crease\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 12:48 . 2012-05-08 12:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-08 12:48 . 2012-05-08 12:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 09:14 . 2012-05-07 09:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\offreg.dll
2012-05-06 16:28 . 2012-05-06 16:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-06 16:28 . 2012-05-06 16:28 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 16:28 . 2012-05-06 16:28 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 12:09 . 2012-04-18 08:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\mpengine.dll
2012-05-02 12:06 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-02 12:06 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-02 12:06 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-02 12:06 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-28 18:09 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-04-28 18:09 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-04-28 18:09 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-28 18:08 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-28 18:08 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-28 18:08 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-04-28 18:08 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-28 18:08 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-04-28 18:08 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-28 18:08 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-28 18:08 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-28 18:08 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2012-04-28 18:08 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-04-28 18:08 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-04-28 18:08 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-28 18:07 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-28 18:07 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-04-28 18:07 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-04-28 18:07 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-04-28 18:07 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-28 18:07 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-04-28 18:07 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-04-28 18:07 . 2011-07-16 04:34 290816 ----a-w- c:\windows\system32\KernelBase.dll
2012-04-28 18:07 . 2011-07-16 04:31 271360 ----a-w- c:\windows\system32\conhost.exe
2012-04-28 18:02 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-28 18:02 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-28 17:59 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-28 17:59 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-28 17:59 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-28 17:59 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-28 17:59 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-28 17:59 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-28 04:41 . 2012-05-08 12:47 -------- d-----w- c:\users\Crease\AppData\Roaming\Azureus
2012-04-28 02:17 . 2012-04-28 02:17 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 04:38 . 2010-10-01 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2010-09-26 03:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-11-30 18:21 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-30 18:21 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-11-30 18:22 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-11-30 18:22 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-24 15:39 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-30 18:22 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-30 18:22 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-30 18:22 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-03 03:05 . 2011-02-27 18:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-23 15:18 . 2010-09-26 03:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-06 16:28 . 2011-04-06 00:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-24 137536]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-05 273528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-28 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ  autocheck autochk *\0SmartDefragBootTime.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-23 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176]
S2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
- c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27]
.
2012-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
- c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
- c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
- c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 07:51:44
ComboFix-quarantined-files.txt 2012-05-08 12:51
ComboFix2.txt 2012-05-08 01:17
.
Pre-Run: 12,210,786,304 bytes free
Post-Run: 11,926,097,920 bytes free
.
- - End Of File - - BFF70C2B277344910791458B9435C109
-
ComboFix 12-05-07.03 - Crease 05/07/2012 20:00:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.2148 [GMT -5:00]
Running from: c:\users\Crease\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\100
c:\programdata\5A42CE820B.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 01:13 . 2012-05-08 01:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 09:14 . 2012-05-07 09:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\offreg.dll
2012-05-06 16:28 . 2012-05-06 16:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-06 16:28 . 2012-05-06 16:28 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 16:28 . 2012-05-06 16:28 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 12:09 . 2012-04-18 08:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\mpengine.dll
2012-05-02 12:06 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-02 12:06 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-02 12:06 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-02 12:06 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-28 18:09 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-04-28 18:09 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-04-28 18:09 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-28 18:08 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-28 18:08 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-28 18:08 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-04-28 18:08 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-28 18:08 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-04-28 18:08 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-28 18:08 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-04-28 18:08 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-04-28 18:08 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2012-04-28 18:08 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-04-28 18:08 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-04-28 18:08 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-28 18:07 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-04-28 18:07 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-04-28 18:07 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
2012-04-28 18:07 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-04-28 18:07 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-28 18:07 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
2012-04-28 18:07 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-04-28 18:07 . 2011-07-16 04:34 290816 ----a-w- c:\windows\system32\KernelBase.dll
2012-04-28 18:07 . 2011-07-16 04:31 271360 ----a-w- c:\windows\system32\conhost.exe
2012-04-28 18:02 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-28 18:02 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-28 17:59 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-28 17:59 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-28 17:59 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-28 17:59 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-28 17:59 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-28 17:59 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-28 04:41 . 2012-05-08 01:11 -------- d-----w- c:\users\Crease\AppData\Roaming\Azureus
2012-04-28 02:17 . 2012-04-28 02:17 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 04:38 . 2010-10-01 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2010-09-26 03:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-11-30 18:21 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-30 18:21 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-11-30 18:22 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-11-30 18:22 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-24 15:39 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-30 18:22 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-30 18:22 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-30 18:22 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-03 03:05 . 2011-02-27 18:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-23 15:18 . 2010-09-26 03:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-06 16:28 . 2011-04-06 00:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-24 137536]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-05 273528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-28 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-23 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176]
S2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
- c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27]
.
2012-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
- c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
- c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
- c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109878
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcc061a300000000000000a0d156c51d
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc061a300000000000000a0d156c51d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-07 20:17:51
ComboFix-quarantined-files.txt 2012-05-08 01:17
.
Pre-Run: 12,697,673,728 bytes free
Post-Run: 12,499,697,664 bytes free
.
- - End Of File - - D9E5B57E903FB2FD83FB782332623E40
-
Nope. Flash still crashing.
-
-
Chrome won't let me reinstall Flash. Says it's automatic.
-
After uninstalling Chrome won't let me reinstall. Still really slow on the browser.
-
Chrome, mostly
-
still have flash crashes
-
??? I posted the reports
-
Sorry 'bout that
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5F5D888-2587-E012-A817-7038F5690F26}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=" removed from keyword.URL
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ not found.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\searchplugin folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\modules folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\META-INF folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\defaults folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\components folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\chrome folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} folder moved successfully.
Folder C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found.
Folder C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}\ not found.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info\content folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info folder moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml moved successfully.
C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284D58E1-2BA6-416D-9C79-1C703AC51823}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{284D58E1-2BA6-416D-9C79-1C703AC51823}\ deleted successfully.
C:\ProgramData\TheBflix\bhoclass.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}\ not found.
File C:\Program Files\PDFLite Toolbar\Toolbar32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}\ not found.
File C:\Program Files\PDFLite Toolbar\Toolbar32.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found.
Registry value HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper not found.
C:\Users\Crease\AppData\Roaming\Azureus\updates folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\hvi folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\azemp\mplayer folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\azemp folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\logs\save folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\devices folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\Crease\AppData\Roaming\Azureus folder moved successfully.
C:\Users\Crease\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Crease\AppData\Roaming\StreamTorrent\1.0\config folder moved successfully.
C:\Users\Crease\AppData\Roaming\StreamTorrent\1.0 folder moved successfully.
C:\Users\Crease\AppData\Roaming\StreamTorrent folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\StartNow Toolbar not found.
File\Folder C:\Program Files\Vuze_Remote not found.
File\Folder C:\Program Files\PDFLite Toolbar not found.
File\Folder C:\Program Files\Search Toolbar not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Crease
->Temp folder emptied: 195117079 bytes
->Temporary Internet Files folder emptied: 237944228 bytes
->Java cache emptied: 5569811 bytes
->FireFox cache emptied: 58722153 bytes
->Google Chrome cache emptied: 311486337 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 21163740 bytes
->Flash cache emptied: 252619 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116458476 bytes
RecycleBin emptied: 138345 bytes
Total Files Cleaned = 903.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.1 log created on 04272012_211700
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.1)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
-
Thanks
OTL logfile created on: 4/26/2012 11:13:25 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 30.09% Memory free
6.74 Gb Paging File | 3.34 Gb Available in Paging File | 49.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 10.95 Gb Free Space | 11.76% Space Free | Partition Type: NTFS
Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/26 23:00:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Crease\Downloads\OTL (2).exe
PRC - [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/10/05 14:35:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/22 22:20:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009/09/14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/11/17 08:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/12 02:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 02:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 02:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 02:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 02:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2011/11/28 23:56:00 | 000,028,160 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/08/24 08:05:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/27 09:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2011/04/27 09:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Win32 Services (SafeList) ==========
SRV - [2012/04/13 21:20:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/22 22:18:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Crease\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2012/03/24 08:25:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/10 19:05:43 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2011/05/13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0B85D0B2-60F4-94A0-3164-F228253EF30E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B85D0B2-60F4-94A0-3164-F228253EF30E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111122&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d
IE - HKCU\..\SearchScopes\{4BB60FAA-EBB0-48D3-9B18-003DB4016D0B}: "URL" = http://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=36afce92a593490898bc7ff53dda9382
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111028&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{AEFAFD5F-6C5B-432C-B42E-5B2848B4D9DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKCU\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 16:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 00:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 22:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M]
[2011/04/05 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Extensions
[2012/04/26 22:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions
[2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}
[2012/01/29 11:56:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info
[2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml
[2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml
[2012/02/01 09:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/06 22:14:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/19 09:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/16 12:56:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/19 09:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: PDFLite Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Angry Birds = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\
CHR - Extension: avast! WebRep = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\
CHR - Extension: Gmail = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[CLEARALLRESTOREPOINTS]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/04/05 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/02 12:47:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2011/01/19 09:12:28 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Crease\AppData\Roaming\ACT2011Hotfix_SS.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/26 23:20:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 22:44:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 22:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
[2012/04/26 19:44:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 13:32:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
[2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 09:30:33 | 000,896,346 | ---- | M] () -- C:\Users\Crease\Desktop\printingplease___.zip
[2012/04/21 09:36:41 | 000,683,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/21 09:36:41 | 000,128,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 06:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 06:47:21 | 2408,095,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 14:34:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/19 14:34:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/14 14:50:07 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/13 21:20:35 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 21:20:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/05 19:21:20 | 000,002,503 | ---- | M] () -- C:\Users\Crease\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/05 19:21:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/05 19:17:48 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/04 11:36:39 | 000,015,224 | ---- | M] () -- C:\Users\Crease\Desktop\crain-562_1.jpg
[2012/04/02 11:40:10 | 000,000,088 | ---- | M] () -- C:\Windows\ENX420.ini
[2012/04/02 11:36:53 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/22 09:30:28 | 000,896,346 | ---- | C] () -- C:\Users\Crease\Desktop\printingplease___.zip
[2012/04/05 19:17:48 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/04 11:36:38 | 000,015,224 | ---- | C] () -- C:\Users\Crease\Desktop\crain-562_1.jpg
[2012/04/02 12:47:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 10:38:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/01/26 14:29:26 | 000,007,605 | ---- | C] () -- C:\Users\Crease\AppData\Local\Resmon.ResmonCfg
[2011/12/03 22:51:49 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/03 22:51:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/18 13:45:48 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/08/18 13:45:48 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/08/10 19:06:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2011/08/10 19:05:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe
[2011/05/18 07:33:18 | 000,149,504 | ---- | C] () -- C:\Users\Crease\AppData\Roaming\SharedSettings.ccs
[2011/05/08 18:19:41 | 000,134,078 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2011/02/27 11:55:47 | 000,006,144 | ---- | C] () -- C:\Users\Crease\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/19 09:26:43 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/19 09:26:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5A42CE820B.sys
[2010/10/28 15:13:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/10/28 15:13:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/10/28 15:13:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/10/28 15:13:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/10/28 15:13:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/10/28 15:13:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/10/28 15:13:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/10/28 15:13:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/10/28 15:13:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/10/28 15:13:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/10/28 15:13:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/10/28 15:13:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/10/28 15:09:41 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
[2010/10/22 06:49:29 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2010/10/22 06:32:23 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/10/22 06:32:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/10/22 06:32:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2010/10/22 06:32:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2010/10/22 06:32:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/10/22 06:32:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
========== Custom Scans ==========
< :OTL >
< IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) >
< IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} >
< IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 >
< IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d >
Invalid Switch: ?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
< IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d >
< IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 >
< IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi >
< FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" >
< FF - prefs.js..browser.search.defaultthis.engineName: "Web Search" >
< FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" >
< FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" >
< FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" >
< FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d" >
< FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=" >
< FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M] >
Invalid Switch: 11 13:18:26 | 000,000,000 | ---D | M]
< [2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} >
Invalid Switch: 06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}
< [2011/10/28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} >
Invalid Switch: 28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
< [2011/11/22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} >
Invalid Switch: 22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}
< [2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} >
Invalid Switch: 12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
< [2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info >
Invalid Switch: 22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info
< [2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml >
Invalid Switch: 28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml
< [2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml >
Invalid Switch: 07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml
< [2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml >
Invalid Switch: 22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
< CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\ >
< O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector) >
< O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll () >
< O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) >
< O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found >
< O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found >
< O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found >
< O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll () >
< O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) >
< O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found >
< O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) >
< O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found >
< [2012/04/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus >
Invalid Switch: 26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus
< [2012/02/22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon >
Invalid Switch: 22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon
< [2011/04/05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent >
Invalid Switch: 05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent
< >
< :files >
< C:\Program Files\StartNow Toolbar >
< C:\Program Files\Vuze_Remote >
< C:\Program Files\PDFLite Toolbar >
< C:\Program Files\Search Toolbar >
< >
< :Commands >
< [emptytemp] >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Users\Crease\Documents\Untitled Attachment:SummaryInformation
< End of report >
Results of screen317's Security Check version 0.99.32
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java 6 Update 29
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader X (10.1.1)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
-
Hey Maniac,
Thanks so much for your help.
Steve
OTL logfile created on: 4/26/2012 11:06:11 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.97% Memory free
6.74 Gb Paging File | 2.64 Gb Available in Paging File | 39.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 10.62 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/26 11:03:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Crease\Downloads\OTL.exe
PRC - [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 13:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/05 14:35:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/22 22:20:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
PRC - [2010/01/21 17:22:06 | 020,752,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2010/01/21 17:20:06 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009/09/14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2005/11/17 08:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/12 02:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 02:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 02:36:18 | 000,544,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\libglesv2.dll
MOD - [2012/04/12 02:36:17 | 000,117,744 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\libegl.dll
MOD - [2012/04/12 02:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 02:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 02:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2011/11/28 23:56:00 | 000,028,160 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/08/24 08:05:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/27 09:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2011/04/27 09:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Win32 Services (SafeList) ==========
SRV - [2012/04/13 21:20:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/21 04:07:24 | 000,244,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)
SRV - [2011/08/22 22:18:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Crease\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2012/03/24 08:25:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/03 13:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/11/03 13:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/10 19:05:43 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2011/05/13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/05/13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/05/13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/05/13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes,DefaultScope = {0B85D0B2-60F4-94A0-3164-F228253EF30E}
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0B85D0B2-60F4-94A0-3164-F228253EF30E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111122&iesrc={referrer:source}
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{4BB60FAA-EBB0-48D3-9B18-003DB4016D0B}: "URL" = http://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=36afce92a593490898bc7ff53dda9382
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111028&iesrc={referrer:source}
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AEFAFD5F-6C5B-432C-B42E-5B2848B4D9DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 16:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 00:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 22:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M]
[2011/04/05 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Extensions
[2012/04/12 15:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions
[2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}
[2011/10/28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/01/29 11:56:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}
[2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info
[2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml
[2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml
[2012/02/01 09:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/06 22:14:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/19 09:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/16 12:56:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/19 09:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: PDFLite Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Angry Birds = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: YouTube = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\
CHR - Extension: avast! WebRep = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\
CHR - Extension: Gmail = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [Facebook Update] C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula)
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/04/05 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/19 09:12:28 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Crease\AppData\Roaming\ACT2011Hotfix_SS.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/26 11:20:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 10:44:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 10:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
[2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 19:44:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 13:32:05 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
[2012/04/22 09:30:33 | 000,896,346 | ---- | M] () -- C:\Users\Crease\Desktop\printingplease___.zip
[2012/04/21 09:36:41 | 000,683,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/21 09:36:41 | 000,128,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 06:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 06:47:21 | 2408,095,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/19 14:34:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/19 14:34:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/14 14:50:07 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/05 19:21:20 | 000,002,503 | ---- | M] () -- C:\Users\Crease\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/05 19:21:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/05 19:17:48 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/04 11:36:39 | 000,015,224 | ---- | M] () -- C:\Users\Crease\Desktop\crain-562_1.jpg
[2012/04/02 11:40:10 | 000,000,088 | ---- | M] () -- C:\Windows\ENX420.ini
[2012/04/02 11:36:53 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/22 09:30:28 | 000,896,346 | ---- | C] () -- C:\Users\Crease\Desktop\printingplease___.zip
[2012/04/05 19:17:48 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/04 11:36:38 | 000,015,224 | ---- | C] () -- C:\Users\Crease\Desktop\crain-562_1.jpg
[2012/04/02 12:47:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 10:38:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/01/26 14:29:26 | 000,007,605 | ---- | C] () -- C:\Users\Crease\AppData\Local\Resmon.ResmonCfg
[2011/12/03 22:51:49 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/03 22:51:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/01 15:16:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/08/18 13:45:48 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/08/18 13:45:48 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/08/10 19:06:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2011/08/10 19:05:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe
[2011/05/18 07:33:18 | 000,149,504 | ---- | C] () -- C:\Users\Crease\AppData\Roaming\SharedSettings.ccs
[2011/05/08 18:19:41 | 000,134,078 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2011/02/27 11:55:47 | 000,006,144 | ---- | C] () -- C:\Users\Crease\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/19 09:26:43 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/19 09:26:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5A42CE820B.sys
[2010/10/28 15:13:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/10/28 15:13:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/10/28 15:13:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/10/28 15:13:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/10/28 15:13:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/10/28 15:13:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/10/28 15:13:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/10/28 15:13:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/10/28 15:13:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/10/28 15:13:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/10/28 15:13:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/10/28 15:13:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/10/28 15:09:41 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
[2010/10/22 06:49:29 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2010/10/22 06:32:23 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2010/10/22 06:32:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/10/22 06:32:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2010/10/22 06:32:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2010/10/22 06:32:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/10/22 06:32:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
========== LOP Check ==========
[2011/10/28 06:44:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\ACASystems
[2011/01/19 09:26:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\ACT
[2011/05/05 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Amazon
[2011/02/01 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\AnvSoft
[2011/09/29 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Avery
[2012/04/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus
[2012/02/22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon
[2011/05/09 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/04 08:36:43 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\CoffeeCup Software
[2010/09/28 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\com.powerade.pulse.E05451257EBCF1128D1DCCD636C4C762D9BC275D.1
[2011/03/31 11:19:09 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Epson
[2012/01/11 21:43:55 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\eTeks
[2011/09/12 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\IObit
[2011/01/19 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\IsolatedStorage
[2011/10/04 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Leadertech
[2011/04/21 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\NCH Swift Sound
[2011/04/18 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Opera
[2011/11/22 14:25:27 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\PDFlite
[2010/10/20 21:34:03 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Sony
[2011/02/01 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent
[2010/11/05 08:12:04 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Thinstall
[2011/11/22 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\WeatherBug
[2012/04/25 13:32:05 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job
[2012/04/26 10:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job
[2012/01/03 22:26:52 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Users\Crease\Documents\Untitled Attachment:SummaryInformation
< End of report >
OTL Extras logfile created on: 4/26/2012 11:06:11 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.97% Memory free
6.74 Gb Paging File | 2.64 Gb Available in Paging File | 39.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 10.62 Gb Free Space | 11.42% Space Free | Partition Type: NTFS
Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0964B777-BCDB-41CA-A1A0-329C8C4ABA97}" = lport=137 | protocol=17 | dir=in | app=system |
"{12FDE9AE-6E77-442A-991E-BBB99919466B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1540C8C3-F046-4230-9F5F-2CCB789B40F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F35A129-0E33-4947-90AB-5B00921D4F96}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20124D2F-ACD6-49FB-AE71-5D1AAF2E8F10}" = rport=10243 | protocol=6 | dir=out | app=system |
"{20181D4A-7FA7-4A8B-AE19-9D68CCEE84FA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3CCC6A3C-C82A-4ADC-9D9E-5C1A3FB222EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BBD8487-9307-4E9B-857B-BCA24B40EC9D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4DC48384-C791-4870-B5B1-3F085DA61962}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50939ECC-3CD7-4057-8030-5A6791BC9D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{577EC96D-D836-47F2-9FB7-BC23055EE704}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AAC2BC5-6F8D-4927-BDD8-70502F8E9DAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DA06F0C-1C5C-45D8-A77D-C9E02A4C9D57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65123A0E-23C7-4C5B-9D0F-33467750B53A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A37878B-C94E-4093-974B-42BDE9713618}" = lport=138 | protocol=17 | dir=in | app=system |
"{8256C605-A351-4F9B-8E32-46CC478B3A42}" = rport=138 | protocol=17 | dir=out | app=system |
"{847BE0B1-2AE1-4A91-A9EE-337A215866A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90B01A6A-35AE-45DC-A410-5BC265CB2D52}" = lport=12345 | protocol=6 | dir=in | name=motorola helper |
"{9EF44006-6AA0-44A6-A9E4-C6D4DFBBB78C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A863DC60-18E1-4C28-A089-AC309F97FEDF}" = lport=139 | protocol=6 | dir=in | app=system |
"{ABB80837-263C-4A3D-A27D-942119E4DBBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADD953D7-7087-4F4C-A98D-9CD7125D69AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE3720A6-B29C-4B4C-BF9B-786A62B59DE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B06514F5-416C-4561-B13A-FF5A857018EA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C0D1BF73-59D2-41E0-B398-C9B13E829B8F}" = rport=445 | protocol=6 | dir=out | app=system |
"{CDBFAF85-193F-4C63-89E9-1645C8833EA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D17774F5-A691-490E-B7DB-66A9DC01B0C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3616EF1-4C17-4C91-A99C-CD3F3F9EEC08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF05C6E4-BD96-433D-88F5-B9DB94C62BA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2A3CAC3-56C9-4E7B-8F86-65C0884018FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3BBDAFE-34C7-4998-8F88-A571B605132F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8519472-DBE0-4C0E-94B9-6AB7B9C57D96}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9AB0B29-AA09-4782-A041-0991E68C3419}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002C5928-843D-41AA-B88A-6BBF1A726F07}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{0454E8E8-1375-4C7B-8704-B8D5B3F1DBAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DDDFCFC-7D36-4AA8-A695-2B77B865AEC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{17083D0C-3496-4426-84EE-F26A710F1C5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B7E531A-AA35-464E-820C-6F9F482380B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2289FF66-E1F2-42FF-AE78-B120E4DF5BFA}" = dir=in | app=c:\users\crease\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{25574F1E-A471-481B-A4BE-3FF9E1F61A2B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2572623D-7243-4A63-AAD2-45F7C380A7A3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2B12F140-D052-414E-8DE4-7A3E3845B8E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4401B316-EE6C-4463-AA9C-A88D7AB12155}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{4B1CD8F4-B23B-46C2-B67B-6F88ED601FAE}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{4FABF83F-3E8D-4EF0-9BA0-CB8FE09B3943}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{500A8E0B-7B2E-4164-B315-9B09FC379D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66F224B8-E2B2-459E-8FF6-28BB37DEB854}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{684EDB54-D17C-4967-8CF9-BA20938D8098}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{68F4A98F-3D76-483A-8E5E-463409B482D3}" = protocol=17 | dir=in | app=c:\users\crease\downloads\imageviewersetup.exe |
"{6C963949-84D9-4254-B0FD-BB271964492B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72CA5A6C-426C-4CF2-885F-A8D839E1D1A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75A92E26-C70E-4ED4-93F9-DD459CC83578}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{7669F6CB-1B4F-4773-A3A7-0847BA027C0F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{78602B35-CA5D-41DB-B2FB-24C80274511B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C92818A-7E30-4192-923A-E45156F80C95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EF25FC9-78CA-4C29-8EEB-A8594EDE6955}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{7F002721-0BE3-4790-9433-F3C418CB42FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7FBA8593-9154-4BF2-BDD8-8664B2F6D9BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{812BBCD8-D612-4A1F-9700-BC93B5478F1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84BE3A9E-5700-4E2C-9B6B-30F7F98F5382}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{8D5C65C9-D7F9-4870-B4FF-CD88A6928AFF}" = protocol=6 | dir=in | app=c:\users\crease\downloads\imageviewersetup.exe |
"{8FD4899D-531B-40C9-AB19-9B9C79C79C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90559BC2-4FB4-4A82-B9A8-05C33BA27AF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CAE08F5-55B7-4782-9C00-1F7E44B45FA3}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A7031438-4A99-4A60-AE87-C52E7CE30CF1}" = protocol=6 | dir=out | app=system |
"{AF55BD6F-8125-47AE-BF70-2D611858533C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B93E6B0F-8A0D-4BBC-980E-19006B4B1EA0}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{BFA3A68E-26B0-4F5C-ADAD-B38C1F563976}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C335316F-AEC6-4664-B306-09C81B9475E6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C4F432B3-394E-4D10-9164-C3FB4B8E7541}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA6D3F28-764F-4DD3-B6E8-F4F9113D686C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD5953C2-83F3-4E82-9F90-B80BCAA1D8AF}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{CDC964C9-3E8C-4262-A340-4FC84AC11B23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF54AD5B-AC64-45A9-917F-99728F986169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D2197D8B-2AA1-4C1F-8B4C-09475A3AA486}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E4D1CEDA-7338-4C66-BF00-74619DD3628B}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{E7B6E3A7-CA91-4F60-B283-99B489375B28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{1FD475EF-150C-4FB2-8B94-432291413932}C:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"TCP Query User{2822C698-C979-403D-8AC9-14942204F85E}C:\program files\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files\act\act for windows\actsage.exe |
"TCP Query User{2DBD51BF-0195-4F87-8CCC-D6B8AD2AF948}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{2DFB109C-7E4E-4A72-B3AE-F7CB2530C0BA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5DC2D5CD-484A-4176-80F3-374D11E53127}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{629DB2ED-EF9F-438D-B6B2-132C77C572FB}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{7104B38C-CD4C-4E78-AD0D-400C68C59F56}C:\program files\java\jre1.5.0_20\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_20\bin\javaw.exe |
"TCP Query User{9106C84B-B8FD-4F05-B524-F98F6DAC58FD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{B562C6B0-019F-45B0-A551-2FB7DCDC59FD}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{D6493256-1351-4EB6-AAD4-43BC5127E67F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F457F2A5-3FF7-4592-8D03-64108CEC581E}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |
"UDP Query User{2CC04A8F-0A59-443C-B19B-B53ECBE6242A}C:\program files\java\jre1.5.0_20\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_20\bin\javaw.exe |
"UDP Query User{31F4D303-46CB-42BE-B17C-AE0FA99B4D13}C:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe |
"UDP Query User{511787F3-0837-46F8-9840-2D199B6E4464}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{A4792340-C074-45B1-BA50-168BCE14C319}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{A73A8876-50C6-45D6-BA80-26FDC7867E0A}C:\program files\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files\act\act for windows\actsage.exe |
"UDP Query User{ADACCD37-BDFE-4236-8167-97C00C2DF03F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B8E8AECD-AF04-422B-9739-C3FB1520A10A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{BDC511A8-E59F-4271-B6E7-660782DC38C6}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |
"UDP Query User{E5FA66EA-0476-4D33-AB6C-81EB35752FEA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E714A6F5-38AB-460A-B669-9C084187006E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{EF878373-9A82-4B43-92BA-B3A5EC84A1AC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1C23A809-EE16-453B-8CD6-94443B917839}" = Mototools Software Update
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150200}" = J2SE Runtime Environment 5.0 Update 20
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60C7374C-B546-45DE-A578-2E29BA8C3F1C}" = Moto Helper Service
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}" = CoffeeCup Free FTP
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}" = CoffeeCup Direct FTP
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.1.8
"AppInventor Setup" = AppInventor Setup
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorPic" = ColorPic
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"FLV Pro Player" = FLV Pro Player
"Google Chrome" = Google Chrome
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hide IP Platinum_is1" = Hide IP Platinum 3.43
"Homepage Protection Service" = Homepage Protection Service
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 11.51.1087" = Opera 11.51
"Opera 11.62.1347" = Opera 11.62
"PDFlite" = PDFlite 0.5
"PDFLite Toolbar" = PDFLite Toolbar
"Picasa 3" = Picasa 3
"Prism" = Prism Video File Converter
"RealPlayer 12.0" = RealPlayer
"Setup Support for Weatherbug" = Setup Support for Weatherbug 1.0
"Smart Defrag 2_is1" = Smart Defrag 2
"StartNow Toolbar" = StartNow Toolbar
"StreamTorrent 1.0" = StreamTorrent 1.0
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tele Hypnosis Pro De Luxe Multisession 4" = Tele Hypnosis Pro De Luxe Multisession 4
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WavePad" = WavePad Sound Editor
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Notepad App" = Notepad App
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
-
Hi,
I'm obviously very infected at this point. Everything has become very slow and removal tools are not helping much. Thanks in advance for help. Really appreciate it.
Steve
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Crease at 7:45:30 on 2012-04-26
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.584 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TheBflix Class: {284d58e1-2ba6-416d-9c79-1c703ac51823} - c:\programdata\thebflix\bhoclass.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: PDFLite Toolbar Helper: {7413f9fc-8e54-4c93-beb7-1225eb0970ca} - c:\program files\pdflite toolbar\Toolbar32.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: PDFLite Toolbar: {7c8aceeb-b1d8-43cc-a387-da838515368d} - c:\program files\pdflite toolbar\Toolbar32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Facebook Update] "c:\users\crease\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [AdobeBridge]
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_SCA60.tmp" /EF "HKCU"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\crease\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\crease\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\2456C6B696E6F574F505C65737F5D494D4F4F5738353030303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\24573747562747F677E602F46666963656 : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\65562796A7F6E602D494649443531303C4024463449302355636572756 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\crease\appdata\roaming\mozilla\firefox\profiles\kxx1n4pw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\pdflite\npPdfViewer.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\crease\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109878
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcc061a300000000000000a0d156c51d
FF - user.js: extensions.BabylonToolbar_i.hardId - fcc061a300000000000000a0d156c51d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-30 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-18 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-30 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-30 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-30 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-30 57688]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-8-10 17984]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-24 40776]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-14 02:20:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 02:20:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 13:25:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 7:48:49.86 ===============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:53:45 AM, on 4/26/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Crease\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: TheBflix - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: PDFLite Toolbar Helper - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll (file missing)
O3 - Toolbar: PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Windows\TEMP\E_SCA60.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Updater Service for PDFLite Toolbar - Unknown owner - C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12260 bytes
Browsers very slow - Flash continually crashes
in Resolved Malware Removal Logs
Posted
still have shockwave flash crashes- don't understand