Browsers very slow - Flash continually crashes

crease1 · April 26, 2012

HI,

I'm obviously very infected at this point. Everything has become very slow and removal tools not helping much. Thanks in advance for help. Really appreciate it.

Steve

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29

Run by Crease at 7:45:30 on 2012-04-26

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.584 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\RamBooster 2.0\Rambooster.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Vuze\Azureus.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TheBflix Class: {284d58e1-2ba6-416d-9c79-1c703ac51823} - c:\programdata\thebflix\bhoclass.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: PDFLite Toolbar Helper: {7413f9fc-8e54-4c93-beb7-1225eb0970ca} - c:\program files\pdflite toolbar\Toolbar32.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll

TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: PDFLite Toolbar: {7c8aceeb-b1d8-43cc-a387-da838515368d} - c:\program files\pdflite toolbar\Toolbar32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [Facebook Update] "c:\users\crease\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [AdobeBridge]

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_SCA60.tmp" /EF "HKCU"

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\crease\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\users\crease\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\2456C6B696E6F574F505C65737F5D494D4F4F5738353030303 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\24573747562747F677E602F46666963656 : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\65562796A7F6E602D494649443531303C4024463449302355636572756 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\crease\appdata\roaming\mozilla\firefox\profiles\kxx1n4pw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\pdflite\npPdfViewer.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\crease\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109878

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - fcc061a300000000000000a0d156c51d

FF - user.js: extensions.BabylonToolbar_i.hardId - fcc061a300000000000000a0d156c51d

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17:57

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-30 64512]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-18 16184]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-30 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-30 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-30 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-30 57688]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-8-10 17984]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-24 40776]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]

.

=============== Created Last 30 ================

.

==================== Find3M ====================

.

2012-04-14 02:20:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-14 02:20:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-24 13:25:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

.

============= FINISH: 7:48:49.86 ===============

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:53:45 AM, on 4/26/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16839)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\RamBooster 2.0\Rambooster.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Vuze\Azureus.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\Crease\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?

AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat

\ActiveX\AcroIEHelperShim.dll

O2 - BHO: TheBflix - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:

\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: PDFLite Toolbar Helper - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar

\Toolbar32.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast

\aswWebRepIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin

\jp2ssv.dll

O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll (file

missing)

O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll

(file missing)

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote

\prxtbVuze.dll

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar

\Toolbar32.dll (file missing)

O3 - Toolbar: PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar

\Toolbar32.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast

\aswWebRepIE.dll

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support

\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c

/nocrashserver

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Windows

\TEMP\E_SCA60.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office

\Office14\ONENOTEM.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe

\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat

\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX

\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office

\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft

Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft

Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files

\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy

\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft

Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files

\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:

\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support

\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files

\EPSON\EPW!3 SSRP\E_S50ST7.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files

\EPSON\EPW!3 SSRP\E_S50RP7.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update

\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update

\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater

\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper

\MotoHelperService.exe

O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files\Motorola\Moto Helper Service

\MotoHelper.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe

\SwitchBoard\SwitchBoard.exe

O23 - Service: Updater Service for PDFLite Toolbar - Unknown owner - C:\Program Files\PDFLite Toolbar

\ToolbarUpdaterService.exe

O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar

\ToolbarUpdaterService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate

\YahooAUService.exe

--

End of file - 12260 bytes

Maniac · April 26, 2012

Hello Steve and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

crease1 · April 26, 2012

Hey Maniac,

Thanks so much for your help.

Steve

OTL logfile created on: 4/26/2012 11:06:11 AM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.97% Memory free

6.74 Gb Paging File | 2.64 Gb Available in Paging File | 39.13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 93.06 Gb Total Space | 10.62 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 11:03:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Crease\Downloads\OTL.exe

PRC - [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/11/03 13:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/10/05 14:35:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011/08/22 22:20:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe

PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe

PRC - [2010/01/21 17:22:06 | 020,752,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

PRC - [2010/01/21 17:20:06 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2009/09/14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE

PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2005/11/17 08:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 02:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll

MOD - [2012/04/12 02:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll

MOD - [2012/04/12 02:36:18 | 000,544,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\libglesv2.dll

MOD - [2012/04/12 02:36:17 | 000,117,744 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\libegl.dll

MOD - [2012/04/12 02:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll

MOD - [2012/04/12 02:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll

MOD - [2012/04/12 02:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll

MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

MOD - [2011/11/28 23:56:00 | 000,028,160 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll

MOD - [2011/08/24 08:05:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll

MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/04/27 09:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll

MOD - [2011/04/27 09:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll

MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Win32 Services (SafeList) ==========

SRV - [2012/04/13 21:20:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/10/21 04:07:24 | 000,244,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar)

SRV - [2011/08/22 22:18:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)

SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Crease\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - [2012/03/24 08:25:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/11/03 13:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)

DRV - [2011/11/03 13:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2011/08/10 19:05:43 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)

DRV - [2011/05/13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011/05/13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011/05/13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV - [2011/05/13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2011/05/13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)

DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)

DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes,DefaultScope = {0B85D0B2-60F4-94A0-3164-F228253EF30E}

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0B85D0B2-60F4-94A0-3164-F228253EF30E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111122&iesrc={referrer:source}

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{4BB60FAA-EBB0-48D3-9B18-003DB4016D0B}: "URL" = http://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=36afce92a593490898bc7ff53dda9382

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111028&iesrc={referrer:source}

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AEFAFD5F-6C5B-432C-B42E-5B2848B4D9DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 16:40:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 00:13:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 22:14:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M]

[2011/04/05 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Extensions

[2012/04/12 15:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions

[2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}

[2011/10/28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

[2012/01/29 11:56:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/11/22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}

[2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

[2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info

[2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml

[2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml

[2012/02/01 09:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/06 22:14:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012/02/19 09:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/09/16 12:56:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2012/02/19 09:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: PDFLite Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: Angry Birds = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: YouTube = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\

CHR - Extension: avast! WebRep = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Send from Gmail (by Google) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

CHR - Extension: Gmail = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll ()

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found

O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll ()

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found

O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [Facebook Update] C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula)

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (SmartDefragBootTime.exe)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/01/19 09:12:28 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Crease\AppData\Roaming\ACT2011Hotfix_SS.exe

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/26 11:20:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/26 10:44:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/26 10:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job

[2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/25 19:44:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/25 13:32:05 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job

[2012/04/22 09:30:33 | 000,896,346 | ---- | M] () -- C:\Users\Crease\Desktop\printingplease___.zip

[2012/04/21 09:36:41 | 000,683,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/21 09:36:41 | 000,128,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/20 06:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/20 06:47:21 | 2408,095,744 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/19 14:34:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2012/04/19 14:34:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2012/04/14 14:50:07 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/04/05 19:21:20 | 000,002,503 | ---- | M] () -- C:\Users\Crease\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2012/04/05 19:21:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2012/04/05 19:17:48 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/04/04 11:36:39 | 000,015,224 | ---- | M] () -- C:\Users\Crease\Desktop\crain-562_1.jpg

[2012/04/02 11:40:10 | 000,000,088 | ---- | M] () -- C:\Windows\ENX420.ini

[2012/04/02 11:36:53 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 09:30:28 | 000,896,346 | ---- | C] () -- C:\Users\Crease\Desktop\printingplease___.zip

[2012/04/05 19:17:48 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/04/04 11:36:38 | 000,015,224 | ---- | C] () -- C:\Users\Crease\Desktop\crain-562_1.jpg

[2012/04/02 12:47:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/02 10:38:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[2012/01/26 14:29:26 | 000,007,605 | ---- | C] () -- C:\Users\Crease\AppData\Local\Resmon.ResmonCfg

[2011/12/03 22:51:49 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/12/03 22:51:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/12/01 15:16:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2011/08/18 13:45:48 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe

[2011/08/18 13:45:48 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2011/08/10 19:06:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys

[2011/08/10 19:05:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe

[2011/05/18 07:33:18 | 000,149,504 | ---- | C] () -- C:\Users\Crease\AppData\Roaming\SharedSettings.ccs

[2011/05/08 18:19:41 | 000,134,078 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe

[2011/02/27 11:55:47 | 000,006,144 | ---- | C] () -- C:\Users\Crease\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/19 09:26:43 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/01/19 09:26:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5A42CE820B.sys

[2010/10/28 15:13:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010/10/28 15:13:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010/10/28 15:13:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010/10/28 15:13:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010/10/28 15:13:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010/10/28 15:13:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010/10/28 15:13:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010/10/28 15:13:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010/10/28 15:13:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010/10/28 15:13:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010/10/28 15:13:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010/10/28 15:13:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010/10/28 15:09:41 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini

[2010/10/22 06:49:29 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI

[2010/10/22 06:32:23 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll

[2010/10/22 06:32:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/10/22 06:32:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll

[2010/10/22 06:32:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll

[2010/10/22 06:32:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/10/22 06:32:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== LOP Check ==========

[2011/10/28 06:44:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\ACASystems

[2011/01/19 09:26:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\ACT

[2011/05/05 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Amazon

[2011/02/01 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\AnvSoft

[2011/09/29 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Avery

[2012/04/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus

[2012/02/22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon

[2011/05/09 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/10/04 08:36:43 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\CoffeeCup Software

[2010/09/28 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\com.powerade.pulse.E05451257EBCF1128D1DCCD636C4C762D9BC275D.1

[2011/03/31 11:19:09 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Epson

[2012/01/11 21:43:55 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\eTeks

[2011/09/12 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\IObit

[2011/01/19 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\IsolatedStorage

[2011/10/04 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Leadertech

[2011/04/21 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\NCH Swift Sound

[2011/04/18 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Opera

[2011/11/22 14:25:27 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\PDFlite

[2010/10/20 21:34:03 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Sony

[2011/02/01 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/04/05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent

[2010/11/05 08:12:04 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Thinstall

[2011/11/22 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\WeatherBug

[2012/04/25 13:32:05 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job

[2012/04/26 10:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job

[2012/01/03 22:26:52 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Users\Crease\Documents\Untitled Attachment:SummaryInformation

< End of report >

OTL Extras logfile created on: 4/26/2012 11:06:11 AM - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.97% Memory free

6.74 Gb Paging File | 2.64 Gb Available in Paging File | 39.13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 93.06 Gb Total Space | 10.62 Gb Free Space | 11.42% Space Free | Partition Type: NTFS

Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0964B777-BCDB-41CA-A1A0-329C8C4ABA97}" = lport=137 | protocol=17 | dir=in | app=system |

"{12FDE9AE-6E77-442A-991E-BBB99919466B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1540C8C3-F046-4230-9F5F-2CCB789B40F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1F35A129-0E33-4947-90AB-5B00921D4F96}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{20124D2F-ACD6-49FB-AE71-5D1AAF2E8F10}" = rport=10243 | protocol=6 | dir=out | app=system |

"{20181D4A-7FA7-4A8B-AE19-9D68CCEE84FA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{3CCC6A3C-C82A-4ADC-9D9E-5C1A3FB222EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4BBD8487-9307-4E9B-857B-BCA24B40EC9D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{4DC48384-C791-4870-B5B1-3F085DA61962}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{50939ECC-3CD7-4057-8030-5A6791BC9D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{577EC96D-D836-47F2-9FB7-BC23055EE704}" = lport=445 | protocol=6 | dir=in | app=system |

"{5AAC2BC5-6F8D-4927-BDD8-70502F8E9DAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5DA06F0C-1C5C-45D8-A77D-C9E02A4C9D57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{65123A0E-23C7-4C5B-9D0F-33467750B53A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7A37878B-C94E-4093-974B-42BDE9713618}" = lport=138 | protocol=17 | dir=in | app=system |

"{8256C605-A351-4F9B-8E32-46CC478B3A42}" = rport=138 | protocol=17 | dir=out | app=system |

"{847BE0B1-2AE1-4A91-A9EE-337A215866A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{90B01A6A-35AE-45DC-A410-5BC265CB2D52}" = lport=12345 | protocol=6 | dir=in | name=motorola helper |

"{9EF44006-6AA0-44A6-A9E4-C6D4DFBBB78C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{A863DC60-18E1-4C28-A089-AC309F97FEDF}" = lport=139 | protocol=6 | dir=in | app=system |

"{ABB80837-263C-4A3D-A27D-942119E4DBBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ADD953D7-7087-4F4C-A98D-9CD7125D69AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AE3720A6-B29C-4B4C-BF9B-786A62B59DE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B06514F5-416C-4561-B13A-FF5A857018EA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{C0D1BF73-59D2-41E0-B398-C9B13E829B8F}" = rport=445 | protocol=6 | dir=out | app=system |

"{CDBFAF85-193F-4C63-89E9-1645C8833EA6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D17774F5-A691-490E-B7DB-66A9DC01B0C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D3616EF1-4C17-4C91-A99C-CD3F3F9EEC08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{EF05C6E4-BD96-433D-88F5-B9DB94C62BA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F2A3CAC3-56C9-4E7B-8F86-65C0884018FD}" = rport=137 | protocol=17 | dir=out | app=system |

"{F3BBDAFE-34C7-4998-8F88-A571B605132F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F8519472-DBE0-4C0E-94B9-6AB7B9C57D96}" = rport=139 | protocol=6 | dir=out | app=system |

"{F9AB0B29-AA09-4782-A041-0991E68C3419}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{002C5928-843D-41AA-B88A-6BBF1A726F07}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{0454E8E8-1375-4C7B-8704-B8D5B3F1DBAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0DDDFCFC-7D36-4AA8-A695-2B77B865AEC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{17083D0C-3496-4426-84EE-F26A710F1C5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1B7E531A-AA35-464E-820C-6F9F482380B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{2289FF66-E1F2-42FF-AE78-B120E4DF5BFA}" = dir=in | app=c:\users\crease\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{25574F1E-A471-481B-A4BE-3FF9E1F61A2B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{2572623D-7243-4A63-AAD2-45F7C380A7A3}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{2B12F140-D052-414E-8DE4-7A3E3845B8E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4401B316-EE6C-4463-AA9C-A88D7AB12155}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{4B1CD8F4-B23B-46C2-B67B-6F88ED601FAE}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{4FABF83F-3E8D-4EF0-9BA0-CB8FE09B3943}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{500A8E0B-7B2E-4164-B315-9B09FC379D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{66F224B8-E2B2-459E-8FF6-28BB37DEB854}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{684EDB54-D17C-4967-8CF9-BA20938D8098}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{68F4A98F-3D76-483A-8E5E-463409B482D3}" = protocol=17 | dir=in | app=c:\users\crease\downloads\imageviewersetup.exe |

"{6C963949-84D9-4254-B0FD-BB271964492B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{72CA5A6C-426C-4CF2-885F-A8D839E1D1A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{75A92E26-C70E-4ED4-93F9-DD459CC83578}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{7669F6CB-1B4F-4773-A3A7-0847BA027C0F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{78602B35-CA5D-41DB-B2FB-24C80274511B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7C92818A-7E30-4192-923A-E45156F80C95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7EF25FC9-78CA-4C29-8EEB-A8594EDE6955}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{7F002721-0BE3-4790-9433-F3C418CB42FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7FBA8593-9154-4BF2-BDD8-8664B2F6D9BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{812BBCD8-D612-4A1F-9700-BC93B5478F1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{84BE3A9E-5700-4E2C-9B6B-30F7F98F5382}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{8D5C65C9-D7F9-4870-B4FF-CD88A6928AFF}" = protocol=6 | dir=in | app=c:\users\crease\downloads\imageviewersetup.exe |

"{8FD4899D-531B-40C9-AB19-9B9C79C79C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{90559BC2-4FB4-4A82-B9A8-05C33BA27AF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9CAE08F5-55B7-4782-9C00-1F7E44B45FA3}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{A7031438-4A99-4A60-AE87-C52E7CE30CF1}" = protocol=6 | dir=out | app=system |

"{AF55BD6F-8125-47AE-BF70-2D611858533C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B93E6B0F-8A0D-4BBC-980E-19006B4B1EA0}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{BFA3A68E-26B0-4F5C-ADAD-B38C1F563976}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C335316F-AEC6-4664-B306-09C81B9475E6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{C4F432B3-394E-4D10-9164-C3FB4B8E7541}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CA6D3F28-764F-4DD3-B6E8-F4F9113D686C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CD5953C2-83F3-4E82-9F90-B80BCAA1D8AF}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{CDC964C9-3E8C-4262-A340-4FC84AC11B23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{CF54AD5B-AC64-45A9-917F-99728F986169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{D2197D8B-2AA1-4C1F-8B4C-09475A3AA486}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{E4D1CEDA-7338-4C66-BF00-74619DD3628B}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |

"{E7B6E3A7-CA91-4F60-B283-99B489375B28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"TCP Query User{1FD475EF-150C-4FB2-8B94-432291413932}C:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe |

"TCP Query User{2822C698-C979-403D-8AC9-14942204F85E}C:\program files\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files\act\act for windows\actsage.exe |

"TCP Query User{2DBD51BF-0195-4F87-8CCC-D6B8AD2AF948}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"TCP Query User{2DFB109C-7E4E-4A72-B3AE-F7CB2530C0BA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{5DC2D5CD-484A-4176-80F3-374D11E53127}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{629DB2ED-EF9F-438D-B6B2-132C77C572FB}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{7104B38C-CD4C-4E78-AD0D-400C68C59F56}C:\program files\java\jre1.5.0_20\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_20\bin\javaw.exe |

"TCP Query User{9106C84B-B8FD-4F05-B524-F98F6DAC58FD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"TCP Query User{B562C6B0-019F-45B0-A551-2FB7DCDC59FD}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"TCP Query User{D6493256-1351-4EB6-AAD4-43BC5127E67F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{F457F2A5-3FF7-4592-8D03-64108CEC581E}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |

"UDP Query User{2CC04A8F-0A59-443C-B19B-B53ECBE6242A}C:\program files\java\jre1.5.0_20\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_20\bin\javaw.exe |

"UDP Query User{31F4D303-46CB-42BE-B17C-AE0FA99B4D13}C:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe |

"UDP Query User{511787F3-0837-46F8-9840-2D199B6E4464}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"UDP Query User{A4792340-C074-45B1-BA50-168BCE14C319}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{A73A8876-50C6-45D6-BA80-26FDC7867E0A}C:\program files\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files\act\act for windows\actsage.exe |

"UDP Query User{ADACCD37-BDFE-4236-8167-97C00C2DF03F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{B8E8AECD-AF04-422B-9739-C3FB1520A10A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"UDP Query User{BDC511A8-E59F-4271-B6E7-660782DC38C6}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |

"UDP Query User{E5FA66EA-0476-4D33-AB6C-81EB35752FEA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{E714A6F5-38AB-460A-B669-9C084187006E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"UDP Query User{EF878373-9A82-4B43-92BA-B3A5EC84A1AC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1C23A809-EE16-453B-8CD6-94443B917839}" = Mototools Software Update

"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29

"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3248F0A8-6813-11D6-A77B-00B0D0150200}" = J2SE Runtime Environment 5.0 Update 20

"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0

"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8

"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client

"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{60C7374C-B546-45DE-A578-2E29BA8C3F1C}" = Moto Helper Service

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}" = CoffeeCup Free FTP

"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari

"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel

"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0

"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services

"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser

"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3

"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}" = CoffeeCup Direct FTP

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared

"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI

"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"8461-7759-5462-8226" = Vuze

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Any Video Converter_is1" = Any Video Converter 3.1.8

"AppInventor Setup" = AppInventor Setup

"avast" = avast! Free Antivirus

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"ColorPic" = ColorPic

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50

"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall

"EPSON Scanner" = EPSON Scan

"ExpressBurn" = Express Burn Disc Burning Software

"ExpressRip" = Express Rip

"FLV Pro Player" = FLV Pro Player

"Google Chrome" = Google Chrome

"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181

"HDMI" = Intel® Graphics Media Accelerator Driver

"Hide IP Platinum_is1" = Hide IP Platinum 3.43

"Homepage Protection Service" = Homepage Protection Service

"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2

"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0

"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Opera 11.51.1087" = Opera 11.51

"Opera 11.62.1347" = Opera 11.62

"PDFlite" = PDFlite 0.5

"PDFLite Toolbar" = PDFLite Toolbar

"Picasa 3" = Picasa 3

"Prism" = Prism Video File Converter

"RealPlayer 12.0" = RealPlayer

"Setup Support for Weatherbug" = Setup Support for Weatherbug 1.0

"Smart Defrag 2_is1" = Smart Defrag 2

"StartNow Toolbar" = StartNow Toolbar

"StreamTorrent 1.0" = StreamTorrent 1.0

"Switch" = Switch Sound File Converter

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tele Hypnosis Pro De Luxe Multisession 4" = Tele Hypnosis Pro De Luxe Multisession 4

"VLC media player" = VLC media player 1.1.11

"Vuze_Remote Toolbar" = Vuze Remote Toolbar

"WavePad" = WavePad Sound Editor

"WinRAR archiver" = WinRAR archiver

"Xvid_is1" = Xvid 1.2.1 final uninstall

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle" = Amazon Kindle

"Notepad App" = Notepad App

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Maniac · April 26, 2012

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I suggest you to uninstall Ad-Aware and to leave avast! Antivirus.

Also, uninstall the following:

Vuze

Vuze Remote Toolbar

StreamTorrent 1.0

Because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

PDFLite Toolbar - Toolbar bundled with PDFlite - PDF Reader and Converter - a Zugo adware toolbar variant.

StartNow Toolbar - Zugo adware toolbar variant, connects to installmonetizer.com .

Step 3

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q="
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M]
[2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}
[2011/10/28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/11/22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}
[2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info
[2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml
[2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml
[2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\
O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
[2012/04/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus
[2012/02/22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon
[2011/04/05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent

:files
C:\Program Files\StartNow Toolbar
C:\Program Files\Vuze_Remote
C:\Program Files\PDFLite Toolbar
C:\Program Files\Search Toolbar

:Commands
[emptytemp]
[clearallrestorepoints]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

Please download Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply, post the following log files:

OTL fix log
Security Check log

crease1 · April 27, 2012

Thanks

OTL logfile created on: 4/26/2012 11:13:25 PM - Run 2

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 30.09% Memory free

6.74 Gb Paging File | 3.34 Gb Available in Paging File | 49.57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 93.06 Gb Total Space | 10.95 Gb Free Space | 11.76% Space Free | Partition Type: NTFS

Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/26 23:00:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Crease\Downloads\OTL (2).exe