crease1
-
Posts
14 -
Joined
-
Last visited
-
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
still have shockwave flash crashes- don't understand -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
<p> </p> <div>ComboFix 12-05-08.01 - Crease 05/08/2012 7:34.2.2 - x86</div> <div>Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.1972 [GMT -5:00]</div> <div>Running from: c:\users\Crease\Desktop\ComboFix.exe</div> <div>Command switches used :: c:\users\Crease\Desktop\CFScript.txt</div> <div>AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}</div> <div>SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}</div> <div>SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>2012-05-08 12:48 . 2012-05-08 12:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\config\systemprofile\AppData\Local\temp</div> <div>2012-05-08 12:48 . 2012-05-08 12:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Default\AppData\Local\temp</div> <div>2012-05-07 09:14 . 2012-05-07 09:14<span class="Apple-tab-span" style="white-space:pre"> </span>56200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\offreg.dll</div> <div>2012-05-06 16:28 . 2012-05-06 16:28<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Maintenance Service</div> <div>2012-05-06 16:28 . 2012-05-06 16:28<span class="Apple-tab-span" style="white-space:pre"> </span>157352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\maintenanceservice_installer.exe</div> <div>2012-05-06 16:28 . 2012-05-06 16:28<span class="Apple-tab-span" style="white-space:pre"> </span>129976<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Mozilla Firefox\maintenanceservice.exe</div> <div>2012-05-02 12:09 . 2012-04-18 08:06<span class="Apple-tab-span" style="white-space:pre"> </span>6734704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\mpengine.dll</div> <div>2012-05-02 12:06 . 2012-03-01 05:53<span class="Apple-tab-span" style="white-space:pre"> </span>19312<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\fs_rec.sys</div> <div>2012-05-02 12:06 . 2012-03-01 05:49<span class="Apple-tab-span" style="white-space:pre"> </span>172544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div> <div>2012-05-02 12:06 . 2012-03-01 05:45<span class="Apple-tab-span" style="white-space:pre"> </span>158720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\imagehlp.dll</div> <div>2012-05-02 12:06 . 2012-03-01 05:40<span class="Apple-tab-span" style="white-space:pre"> </span>5120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wmi.dll</div> <div>2012-04-28 18:09 . 2012-02-03 04:01<span class="Apple-tab-span" style="white-space:pre"> </span>2341376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div> <div>2012-04-28 18:09 . 2012-02-10 05:41<span class="Apple-tab-span" style="white-space:pre"> </span>1074176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\DWrite.dll</div> <div>2012-04-28 18:09 . 2012-02-10 05:41<span class="Apple-tab-span" style="white-space:pre"> </span>218624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d3d10_1core.dll</div> <div>2012-04-28 18:08 . 2012-02-10 05:41<span class="Apple-tab-span" style="white-space:pre"> </span>161792<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d3d10_1.dll</div> <div>2012-04-28 18:08 . 2012-02-10 05:41<span class="Apple-tab-span" style="white-space:pre"> </span>1170944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d3d10warp.dll</div> <div>2012-04-28 18:08 . 2012-02-10 05:41<span class="Apple-tab-span" style="white-space:pre"> </span>739840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d2d1.dll</div> <div>2012-04-28 18:08 . 2011-09-29 15:43<span class="Apple-tab-span" style="white-space:pre"> </span>1285488<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\tcpip.sys</div> <div>2012-04-28 18:08 . 2011-11-17 05:41<span class="Apple-tab-span" style="white-space:pre"> </span>1288984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntdll.dll</div> <div>2012-04-28 18:08 . 2011-10-01 04:43<span class="Apple-tab-span" style="white-space:pre"> </span>708608<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\System\wab32.dll</div> <div>2012-04-28 18:08 . 2011-08-17 04:26<span class="Apple-tab-span" style="white-space:pre"> </span>465408<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\psisdecd.dll</div> <div>2012-04-28 18:08 . 2011-08-17 04:22<span class="Apple-tab-span" style="white-space:pre"> </span>75776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\psisrndr.ax</div> <div>2012-04-28 18:08 . 2011-08-17 04:22<span class="Apple-tab-span" style="white-space:pre"> </span>204288<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MSNP.ax</div> <div>2012-04-28 18:08 . 2011-08-17 04:22<span class="Apple-tab-span" style="white-space:pre"> </span>72704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Mpeg2Data.ax</div> <div>2012-04-28 18:08 . 2011-08-17 04:22<span class="Apple-tab-span" style="white-space:pre"> </span>59904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MSDvbNP.ax</div> <div>2012-04-28 18:08 . 2011-11-05 04:30<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tzres.dll</div> <div>2012-04-28 18:07 . 2011-08-27 04:43<span class="Apple-tab-span" style="white-space:pre"> </span>571904<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\oleaut32.dll</div> <div>2012-04-28 18:07 . 2011-08-27 04:43<span class="Apple-tab-span" style="white-space:pre"> </span>233472<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\oleacc.dll</div> <div>2012-04-28 18:07 . 2011-11-19 14:06<span class="Apple-tab-span" style="white-space:pre"> </span>67072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\packager.dll</div> <div>2012-04-28 18:07 . 2011-10-15 05:48<span class="Apple-tab-span" style="white-space:pre"> </span>534528<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\EncDec.dll</div> <div>2012-04-28 18:07 . 2011-10-26 04:25<span class="Apple-tab-span" style="white-space:pre"> </span>38912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\csrsrv.dll</div> <div>2012-04-28 18:07 . 2011-10-26 04:28<span class="Apple-tab-span" style="white-space:pre"> </span>1328640<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\quartz.dll</div> <div>2012-04-28 18:07 . 2011-10-26 04:28<span class="Apple-tab-span" style="white-space:pre"> </span>514560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\qdvd.dll</div> <div>2012-04-28 18:07 . 2011-07-16 04:34<span class="Apple-tab-span" style="white-space:pre"> </span>290816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\KernelBase.dll</div> <div>2012-04-28 18:07 . 2011-07-16 04:31<span class="Apple-tab-span" style="white-space:pre"> </span>271360<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\conhost.exe</div> <div>2012-04-28 18:02 . 2011-10-26 04:42<span class="Apple-tab-span" style="white-space:pre"> </span>3957104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div> <div>2012-04-28 18:02 . 2011-10-26 04:42<span class="Apple-tab-span" style="white-space:pre"> </span>3901808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div> <div>2012-04-28 17:59 . 2012-02-15 05:44<span class="Apple-tab-span" style="white-space:pre"> </span>826368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcore.dll</div> <div>2012-04-28 17:59 . 2012-02-15 04:22<span class="Apple-tab-span" style="white-space:pre"> </span>24064<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\tdtcp.sys</div> <div>2012-04-28 17:59 . 2012-02-15 04:22<span class="Apple-tab-span" style="white-space:pre"> </span>177152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\rdpwd.sys</div> <div>2012-04-28 17:59 . 2012-01-25 05:44<span class="Apple-tab-span" style="white-space:pre"> </span>57856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpwsx.dll</div> <div>2012-04-28 17:59 . 2012-01-25 05:44<span class="Apple-tab-span" style="white-space:pre"> </span>129536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcorekmts.dll</div> <div>2012-04-28 17:59 . 2012-01-25 05:40<span class="Apple-tab-span" style="white-space:pre"> </span>8192<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdrmemptylst.exe</div> <div>2012-04-28 04:41 . 2012-05-08 12:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Crease\AppData\Roaming\Azureus</div> <div>2012-04-28 02:17 . 2012-04-28 02:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\_OTL</div> <div>.</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>2012-04-28 04:38 . 2010-10-01 03:14<span class="Apple-tab-span" style="white-space:pre"> </span>472808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div> <div>2012-04-04 20:56 . 2010-09-26 03:33<span class="Apple-tab-span" style="white-space:pre"> </span>22344<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div> <div>2012-03-06 23:15 . 2011-11-30 18:21<span class="Apple-tab-span" style="white-space:pre"> </span>41184<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\avastSS.scr</div> <div>2012-03-06 23:15 . 2011-11-30 18:21<span class="Apple-tab-span" style="white-space:pre"> </span>201352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\aswBoot.exe</div> <div>2012-03-06 23:03 . 2011-11-30 18:22<span class="Apple-tab-span" style="white-space:pre"> </span>612184<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\aswSnx.sys</div> <div>2012-03-06 23:03 . 2011-11-30 18:22<span class="Apple-tab-span" style="white-space:pre"> </span>337880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\aswSP.sys</div> <div>2012-03-06 23:02 . 2012-02-24 15:39<span class="Apple-tab-span" style="white-space:pre"> </span>44376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\aswRdr2.sys</div> <div>2012-03-06 23:01 . 2011-11-30 18:22<span class="Apple-tab-span" style="white-space:pre"> </span>53848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\aswTdi.sys</div> <div>2012-03-06 23:01 . 2011-11-30 18:22<span class="Apple-tab-span" style="white-space:pre"> </span>57688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\aswMonFlt.sys</div> <div>2012-03-06 23:01 . 2011-11-30 18:22<span class="Apple-tab-span" style="white-space:pre"> </span>20696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\aswFsBlk.sys</div> <div>2012-03-03 03:05 . 2011-02-27 18:01<span class="Apple-tab-span" style="white-space:pre"> </span>737072<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll</div> <div>2012-02-23 15:18 . 2010-09-26 03:02<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div> <div>2012-05-06 16:28 . 2011-04-06 00:52<span class="Apple-tab-span" style="white-space:pre"> </span>97208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\mozilla firefox\components\browsercomps.dll</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>*Note* empty entries & legit default entries are not shown </div> <div>REGEDIT4</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]</div> <div>@="{472083B0-C522-11CF-8763-00608CC02F24}"</div> <div>[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]</div> <div>2012-03-06 23:15<span class="Apple-tab-span" style="white-space:pre"> </span>123536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\AVAST Software\Avast\ashShell.dll</div> <div>.</div> <div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"Facebook Update"="c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-24 137536]</div> <div>"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]</div> <div>"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-05 273528]</div> <div>"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]</div> <div>"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]</div> <div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]</div> <div>"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]</div> <div>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]</div> <div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]</div> <div>.</div> <div>c:\users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div> <div>MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-28 576000]</div> <div>OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 0 (0x0)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]</div> <div>"aux"=wdmaud.drv</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div> <div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0SmartDefragBootTime.exe</div> <div>.</div> <div>R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]</div> <div>R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176]</div> <div>R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]</div> <div>R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]</div> <div>R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]</div> <div>R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]</div> <div>R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]</div> <div>R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]</div> <div>R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]</div> <div>R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]</div> <div>R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]</div> <div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-23 1343400]</div> <div>R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]</div> <div>R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]</div> <div>R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]</div> <div>R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]</div> <div>R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456]</div> <div>S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]</div> <div>S1 aswSnx;aswSnx; [x]</div> <div>S1 aswSP;aswSP; [x]</div> <div>S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]</div> <div>S2 aswFsBlk;aswFsBlk; [x]</div> <div>S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]</div> <div>S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]</div> <div>S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]</div> <div>S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176]</div> <div>S2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656]</div> <div>S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]</div> <div>S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448]</div> <div>S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]</div> <div>.</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job</div> <div>- c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27]</div> <div>.</div> <div>2012-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job</div> <div>- c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27]</div> <div>.</div> <div>2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19]</div> <div>.</div> <div>2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19]</div> <div>.</div> <div>2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job</div> <div>- c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39]</div> <div>.</div> <div>2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job</div> <div>- c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39]</div> <div>.</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uDefault_Search_URL = hxxp://www.google.com/ie</div> <div>uInternet Settings,ProxyOverride = 192.168.*.*;*.local</div> <div>uSearchAssistant = hxxp://www.google.com/ie</div> <div>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s</div> <div>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200</div> <div>IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html</div> <div>IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html</div> <div>IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html</div> <div>IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html</div> <div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000</div> <div>IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105</div> <div>TCP: DhcpNameServer = 192.168.1.1</div> <div>FF - ProfilePath - c:\users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\</div> <div>.</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div> <div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\</div> <div>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div> <div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="ChromeHTML"</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="ChromeHTML"</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="ChromeHTML"</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="ChromeHTML"</div> <div>.</div> <div>[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]</div> <div>@Denied: (2) (LocalSystem)</div> <div>"Progid"="ChromeHTML"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>"MSCurrentCountry"=dword:000000b5</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>Completion time: 2012-05-08 07:51:44</div> <div>ComboFix-quarantined-files.txt 2012-05-08 12:51</div> <div>ComboFix2.txt 2012-05-08 01:17</div> <div>.</div> <div>Pre-Run: 12,210,786,304 bytes free</div> <div>Post-Run: 11,926,097,920 bytes free</div> <div>.</div> <div>- - End Of File - - BFF70C2B277344910791458B9435C109</div> -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
ComboFix 12-05-07.03 - Crease 05/07/2012 20:00:43.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.2148 [GMT -5:00] Running from: c:\users\Crease\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\100 c:\programdata\5A42CE820B.sys . . ((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 ))))))))))))))))))))))))))))))) . . 2012-05-08 01:13 . 2012-05-08 01:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-07 09:14 . 2012-05-07 09:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\offreg.dll 2012-05-06 16:28 . 2012-05-06 16:28 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-06 16:28 . 2012-05-06 16:28 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-06 16:28 . 2012-05-06 16:28 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-05-02 12:09 . 2012-04-18 08:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4574EF2-B15E-48D1-B742-6C16D4348641}\mpengine.dll 2012-05-02 12:06 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-05-02 12:06 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-05-02 12:06 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll 2012-05-02 12:06 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-28 18:09 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys 2012-04-28 18:09 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll 2012-04-28 18:09 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-04-28 18:08 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2012-04-28 18:08 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-04-28 18:08 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-04-28 18:08 . 2011-09-29 15:43 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-28 18:08 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll 2012-04-28 18:08 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-04-28 18:08 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll 2012-04-28 18:08 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax 2012-04-28 18:08 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax 2012-04-28 18:08 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-04-28 18:08 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-04-28 18:08 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll 2012-04-28 18:07 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll 2012-04-28 18:07 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll 2012-04-28 18:07 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll 2012-04-28 18:07 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll 2012-04-28 18:07 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll 2012-04-28 18:07 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll 2012-04-28 18:07 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll 2012-04-28 18:07 . 2011-07-16 04:34 290816 ----a-w- c:\windows\system32\KernelBase.dll 2012-04-28 18:07 . 2011-07-16 04:31 271360 ----a-w- c:\windows\system32\conhost.exe 2012-04-28 18:02 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-28 18:02 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-28 17:59 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll 2012-04-28 17:59 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-04-28 17:59 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-28 17:59 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-28 17:59 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-28 17:59 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-28 04:41 . 2012-05-08 01:11 -------- d-----w- c:\users\Crease\AppData\Roaming\Azureus 2012-04-28 02:17 . 2012-04-28 02:17 -------- d-----w- C:\_OTL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-28 04:38 . 2010-10-01 03:14 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 20:56 . 2010-09-26 03:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-06 23:15 . 2011-11-30 18:21 41184 ----a-w- c:\windows\avastSS.scr 2012-03-06 23:15 . 2011-11-30 18:21 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-06 23:03 . 2011-11-30 18:22 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-06 23:03 . 2011-11-30 18:22 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-06 23:02 . 2012-02-24 15:39 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-06 23:01 . 2011-11-30 18:22 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-06 23:01 . 2011-11-30 18:22 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-06 23:01 . 2011-11-30 18:22 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-03 03:05 . 2011-02-27 18:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-02-23 15:18 . 2010-09-26 03:02 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-06 16:28 . 2011-04-06 00:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-24 137536] "RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-05 273528] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-9-28 576000] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe . R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280] R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-23 1343400] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608] R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 367456] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 136176] S2 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [2010-09-15 6656] S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184] S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 42884448] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] . . Contents of the 'Scheduled Tasks' folder . 2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job - c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27] . 2012-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job - c:\users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-24 18:27] . 2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19] . 2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-07 13:19] . 2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job - c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39] . 2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job - c:\users\Crease\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:39] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 192.168.*.*;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109878 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - fcc061a300000000000000a0d156c51d FF - user.js: extensions.BabylonToolbar_i.hardId - fcc061a300000000000000a0d156c51d FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) HKCU-Run-AdobeBridge - (no file) HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,8a,0e,ff,bc,87,1a,48,b3,11,83,\ . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-05-07 20:17:51 ComboFix-quarantined-files.txt 2012-05-08 01:17 . Pre-Run: 12,697,673,728 bytes free Post-Run: 12,499,697,664 bytes free . - - End Of File - - D9E5B57E903FB2FD83FB782332623E40 -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
Nope. Flash still crashing. -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
ok -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
Chrome won't let me re install Flash. Says it's automatic.. -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
After uninstalling Chrome won't let me reinstall. Still really slow on the browser. -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
Chrome, mostly -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
still have flash crashes -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
??? I posted the reports -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
Sorry 'bout that All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5F5D888-2587-E012-A817-7038F5690F26}\ not found. Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine Prefs.js: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d" removed from browser.startup.homepage Prefs.js: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=" removed from keyword.URL File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ not found. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\searchplugin folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\modules folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\META-INF folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\defaults folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\components folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2}\chrome folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} folder moved successfully. Folder C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ not found. Folder C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}\ not found. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info\content folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info folder moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml moved successfully. C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml moved successfully. C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully. C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{284D58E1-2BA6-416D-9C79-1C703AC51823}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{284D58E1-2BA6-416D-9C79-1C703AC51823}\ deleted successfully. C:\ProgramData\TheBflix\bhoclass.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}\ not found. File C:\Program Files\PDFLite Toolbar\Toolbar32.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C8ACEEB-B1D8-43cc-A387-DA838515368D}\ not found. File C:\Program Files\PDFLite Toolbar\Toolbar32.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found. File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found. Registry value HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0C8413C1-FAD1-446C-8584-BE50576F863E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C8413C1-FAD1-446C-8584-BE50576F863E}\ not found. Registry value HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found. File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper not found. C:\Users\Crease\AppData\Roaming\Azureus\updates folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\torrents folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\tmp folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\subs folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\shares folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\rss folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\mlab folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\hvi folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\azemp\mplayer folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\azemp folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\plugins folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\net folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\logs\save folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\logs folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\dht folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\devices folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus\active folder moved successfully. C:\Users\Crease\AppData\Roaming\Azureus folder moved successfully. C:\Users\Crease\AppData\Roaming\Babylon folder moved successfully. C:\Users\Crease\AppData\Roaming\StreamTorrent\1.0\config folder moved successfully. C:\Users\Crease\AppData\Roaming\StreamTorrent\1.0 folder moved successfully. C:\Users\Crease\AppData\Roaming\StreamTorrent folder moved successfully. ========== FILES ========== File\Folder C:\Program Files\StartNow Toolbar not found. File\Folder C:\Program Files\Vuze_Remote not found. File\Folder C:\Program Files\PDFLite Toolbar not found. File\Folder C:\Program Files\Search Toolbar not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Crease ->Temp folder emptied: 195117079 bytes ->Temporary Internet Files folder emptied: 237944228 bytes ->Java cache emptied: 5569811 bytes ->FireFox cache emptied: 58722153 bytes ->Google Chrome cache emptied: 311486337 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 21163740 bytes ->Flash cache emptied: 252619 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 116458476 bytes RecycleBin emptied: 138345 bytes Total Files Cleaned = 903.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.42.1 log created on 04272012_211700 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... Results of screen317's Security Check version 0.99.32 Windows 7 x86 (UAC is enabled) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Java 6 Update 29 Java version out of date! Adobe Flash Player 11.2.202.233 Adobe Reader X (10.1.1) Mozilla Firefox (11.0.) ```````````````````````````````` Process Check: objlist.exe by Laurent AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe ``````````End of Log```````````` -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
Thanks OTL logfile created on: 4/26/2012 11:13:25 PM - Run 2 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 30.09% Memory free 6.74 Gb Paging File | 3.34 Gb Available in Paging File | 49.57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 10.95 Gb Free Space | 11.76% Space Free | Partition Type: NTFS Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/26 23:00:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Crease\Downloads\OTL (2).exe PRC - [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011/10/05 14:35:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011/08/22 22:20:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2009/09/14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2005/11/17 08:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 02:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll MOD - [2012/04/12 02:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll MOD - [2012/04/12 02:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll MOD - [2012/04/12 02:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll MOD - [2012/04/12 02:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll MOD - [2011/11/28 23:56:00 | 000,028,160 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll MOD - [2011/08/24 08:05:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/04/27 09:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll MOD - [2011/04/27 09:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012/04/13 21:20:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011/08/22 22:18:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Crease\AppData\Local\Temp\mbr.sys -- (mbr) DRV - [2012/03/24 08:25:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/08/10 19:05:43 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv) DRV - [2011/05/13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/05/13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/05/13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV - [2011/05/13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2011/05/13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel® DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0B85D0B2-60F4-94A0-3164-F228253EF30E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0B85D0B2-60F4-94A0-3164-F228253EF30E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111122&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d IE - HKCU\..\SearchScopes\{4BB60FAA-EBB0-48D3-9B18-003DB4016D0B}: "URL" = http://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=36afce92a593490898bc7ff53dda9382 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111028&iesrc={referrer:source} IE - HKCU\..\SearchScopes\{AEFAFD5F-6C5B-432C-B42E-5B2848B4D9DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKCU\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d" FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 16:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 00:13:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 22:14:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M] [2011/04/05 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Extensions [2012/04/26 22:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions [2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} [2012/01/29 11:56:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info [2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml [2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml [2012/02/01 09:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/06 22:14:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/02/19 09:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/09/16 12:56:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old [2012/02/19 09:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: PDFLite Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: Angry Birds = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: YouTube = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\ CHR - Extension: avast! WebRep = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Send from Gmail (by Google) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\ CHR - Extension: Gmail = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [Facebook Update] C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula) O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}: DhcpNameServer = 209.18.47.61 209.18.47.62 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SmartDefragBootTime.exe) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [CLEARALLRESTOREPOINTS] Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/05 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/04/02 12:47:28 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2011/01/19 09:12:28 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Crease\AppData\Roaming\ACT2011Hotfix_SS.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/26 23:20:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/26 22:44:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/26 22:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job [2012/04/26 19:44:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/26 13:32:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job [2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/22 09:30:33 | 000,896,346 | ---- | M] () -- C:\Users\Crease\Desktop\printingplease___.zip [2012/04/21 09:36:41 | 000,683,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/21 09:36:41 | 000,128,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/20 06:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/20 06:47:21 | 2408,095,744 | -HS- | M] () -- C:\hiberfil.sys [2012/04/19 14:34:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012/04/19 14:34:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012/04/14 14:50:07 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/13 21:20:35 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/04/13 21:20:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/04/05 19:21:20 | 000,002,503 | ---- | M] () -- C:\Users\Crease\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/04/05 19:21:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/04/05 19:17:48 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/04 11:36:39 | 000,015,224 | ---- | M] () -- C:\Users\Crease\Desktop\crain-562_1.jpg [2012/04/02 11:40:10 | 000,000,088 | ---- | M] () -- C:\Windows\ENX420.ini [2012/04/02 11:36:53 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/22 09:30:28 | 000,896,346 | ---- | C] () -- C:\Users\Crease\Desktop\printingplease___.zip [2012/04/05 19:17:48 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/04 11:36:38 | 000,015,224 | ---- | C] () -- C:\Users\Crease\Desktop\crain-562_1.jpg [2012/04/02 12:47:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/02 10:38:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012/01/26 14:29:26 | 000,007,605 | ---- | C] () -- C:\Users\Crease\AppData\Local\Resmon.ResmonCfg [2011/12/03 22:51:49 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/12/03 22:51:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/08/18 13:45:48 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/08/18 13:45:48 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/08/10 19:06:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys [2011/08/10 19:05:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe [2011/05/18 07:33:18 | 000,149,504 | ---- | C] () -- C:\Users\Crease\AppData\Roaming\SharedSettings.ccs [2011/05/08 18:19:41 | 000,134,078 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe [2011/02/27 11:55:47 | 000,006,144 | ---- | C] () -- C:\Users\Crease\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/19 09:26:43 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/01/19 09:26:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5A42CE820B.sys [2010/10/28 15:13:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010/10/28 15:13:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010/10/28 15:13:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010/10/28 15:13:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010/10/28 15:13:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010/10/28 15:13:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010/10/28 15:13:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010/10/28 15:13:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010/10/28 15:13:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010/10/28 15:13:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010/10/28 15:13:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010/10/28 15:13:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010/10/28 15:09:41 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini [2010/10/22 06:49:29 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI [2010/10/22 06:32:23 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2010/10/22 06:32:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/10/22 06:32:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2010/10/22 06:32:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2010/10/22 06:32:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/10/22 06:32:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll ========== Custom Scans ========== < :OTL > < IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) > < IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} > < IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 > < IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d > Invalid Switch: ?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d < IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d > < IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 > < IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi > < FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" > < FF - prefs.js..browser.search.defaultthis.engineName: "Web Search" > < FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" > < FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" > < FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" > < FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d" > < FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=" > < FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M] > Invalid Switch: 11 13:18:26 | 000,000,000 | ---D | M] < [2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} > Invalid Switch: 06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} < [2011/10/28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} > Invalid Switch: 28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} < [2011/11/22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} > Invalid Switch: 22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} < [2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} > Invalid Switch: 12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} < [2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info > Invalid Switch: 22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info < [2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml > Invalid Switch: 28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml < [2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml > Invalid Switch: 07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml < [2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml > Invalid Switch: 22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml < CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\ > < O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector) > < O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll () > < O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) > < O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found > < O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found > < O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found > < O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll () > < O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) > < O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found > < O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) > < O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found > < [2012/04/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus > Invalid Switch: 26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus < [2012/02/22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon > Invalid Switch: 22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon < [2011/04/05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent > Invalid Switch: 05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent < > < :files > < C:\Program Files\StartNow Toolbar > < C:\Program Files\Vuze_Remote > < C:\Program Files\PDFLite Toolbar > < C:\Program Files\Search Toolbar > < > < :Commands > < [emptytemp] > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Users\Crease\Documents\Untitled Attachment:SummaryInformation < End of report > Results of screen317's Security Check version 0.99.32 Windows 7 x86 (UAC is enabled) Internet Explorer 8 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Java 6 Update 29 Java version out of date! Adobe Flash Player 11.2.202.233 Adobe Reader X (10.1.1) Mozilla Firefox (11.0.) ```````````````````````````````` Process Check: objlist.exe by Laurent AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe ``````````End of Log```````````` -
Browsers very slow - Flash continually crashes
crease1 replied to crease1's topic in Resolved Malware Removal Logs
Hey Maniac, Thanks so much for your help. Steve OTL logfile created on: 4/26/2012 11:06:11 AM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.97% Memory free 6.74 Gb Paging File | 2.64 Gb Available in Paging File | 39.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 10.62 Gb Free Space | 11.42% Space Free | Partition Type: NTFS Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/26 11:03:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Crease\Downloads\OTL.exe PRC - [2012/04/12 02:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011/11/03 13:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011/10/05 14:35:01 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011/08/22 22:20:14 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/27 09:56:10 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files\Vuze\Azureus.exe PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe PRC - [2010/01/21 17:22:06 | 020,752,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE PRC - [2010/01/21 17:20:06 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2009/09/14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2005/11/17 08:32:54 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe ========== Modules (No Company Name) ========== MOD - [2012/04/12 02:37:34 | 000,444,400 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll MOD - [2012/04/12 02:37:33 | 003,915,248 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll MOD - [2012/04/12 02:36:18 | 000,544,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\libglesv2.dll MOD - [2012/04/12 02:36:17 | 000,117,744 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\libegl.dll MOD - [2012/04/12 02:36:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avutil-51.dll MOD - [2012/04/12 02:36:06 | 000,220,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avformat-53.dll MOD - [2012/04/12 02:36:05 | 001,747,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll MOD - [2012/04/12 01:51:55 | 008,743,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll MOD - [2011/11/28 23:56:00 | 000,028,160 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll MOD - [2011/08/24 08:05:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/04/27 09:56:18 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll MOD - [2011/04/27 09:56:18 | 000,015,884 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll MOD - [2011/04/27 09:56:10 | 000,087,480 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Win32 Services (SafeList) ========== SRV - [2012/04/13 21:20:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/10/21 04:07:24 | 000,244,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PDFLite Toolbar\ToolbarUpdaterService.exe -- (Updater Service for PDFLite Toolbar) SRV - [2011/08/22 22:18:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011/07/27 06:06:44 | 000,267,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/09/15 00:33:34 | 000,006,656 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe -- (MotoHelper.exe) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Crease\AppData\Local\Temp\mbr.sys -- (mbr) DRV - [2012/03/24 08:25:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/03/06 18:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/11/03 13:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV - [2011/11/03 13:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2011/08/10 19:05:43 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv) DRV - [2011/05/13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/05/13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/05/13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV - [2011/05/13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2011/05/13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010/04/03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 19:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel® DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus) DRV - [2006/07/06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes,DefaultScope = {0B85D0B2-60F4-94A0-3164-F228253EF30E} IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0B85D0B2-60F4-94A0-3164-F228253EF30E}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111122&iesrc={referrer:source} IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109878&babsrc=SP_ss&mntrId=fcc061a300000000000000a0d156c51d IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{4BB60FAA-EBB0-48D3-9B18-003DB4016D0B}: "URL" = http://flvtubesearch.co/?tmp=toolbar_FlvTube_results&prt=flvtubetb01ie&Keywords={searchTerms}&clid=36afce92a593490898bc7ff53dda9382 IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111028&iesrc={referrer:source} IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AEFAFD5F-6C5B-432C-B42E-5B2848B4D9DC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}: "URL" = http://bing.zugo.com/s/?q={searchTerms}&iesrc=IE-SearchBox&site=Bing&cfg=2-76-0-1UYhi IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d" FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFLite_Browser_Plugin: C:\Program Files\PDFlite\npPdfViewer.dll (PDFLite) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 16:40:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/23 00:13:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 22:14:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hideip@hide-ip-soft.com: C:\Windows\vf_hip\ [2011/02/11 13:18:26 | 000,000,000 | ---D | M] [2011/04/05 19:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Extensions [2012/04/12 15:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions [2012/03/06 08:38:00 | 000,000,000 | ---D | M] (Translator 3.1 Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{3eec3c07-13c6-4b41-87c6-40b425a0b0a2} [2011/10/28 06:51:12 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [2012/01/29 11:56:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/11/22 14:19:59 | 000,000,000 | ---D | M] (PDFLite Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} [2012/04/12 15:31:03 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2012/02/22 14:15:12 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\extensions\info@bflix.info [2011/10/28 06:51:11 | 000,001,945 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\bing-zugo.xml [2011/09/07 00:12:28 | 000,000,879 | ---- | M] () -- C:\Users\Crease\AppData\Roaming\Mozilla\Firefox\Profiles\kxx1n4pw.default\searchplugins\conduit.xml [2012/02/01 09:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/06 22:14:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/22 13:16:54 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/02/19 09:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/09/16 12:56:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old [2012/02/19 09:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: PDFLite Browser Plugin (Enabled) = C:\Program Files\PDFlite\npPdfViewer.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Crease\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - Extension: Angry Birds = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\ CHR - Extension: YouTube = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: TheBflix = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffddhoembaoobihhkpcjbmlhofokcjd\5.0_0\ CHR - Extension: avast! WebRep = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Send from Gmail (by Google) = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\ CHR - Extension: Gmail = C:\Users\Crease\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (TheBflix Class) - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll (Injector) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (PDFLite Toolbar Helper) - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll () O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found O3 - HKLM\..\Toolbar: (PDFLite Toolbar) - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar\Toolbar32.dll () O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll File not found O3 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [EPSON NX420 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [Facebook Update] C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula) O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-4032758191-1996813104-509463509-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Users\Crease\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}: DhcpNameServer = 209.18.47.61 209.18.47.62 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SmartDefragBootTime.exe) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/04/05 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/01/19 09:12:28 | 017,491,272 | ---- | C] (Sage Software ) -- C:\Users\Crease\AppData\Roaming\ACT2011Hotfix_SS.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/26 11:20:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/26 10:44:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/26 10:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job [2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/26 07:00:01 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 19:44:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/25 13:32:05 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job [2012/04/22 09:30:33 | 000,896,346 | ---- | M] () -- C:\Users\Crease\Desktop\printingplease___.zip [2012/04/21 09:36:41 | 000,683,576 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/21 09:36:41 | 000,128,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/20 06:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/20 06:47:21 | 2408,095,744 | -HS- | M] () -- C:\hiberfil.sys [2012/04/19 14:34:16 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012/04/19 14:34:16 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012/04/14 14:50:07 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/04/05 19:21:20 | 000,002,503 | ---- | M] () -- C:\Users\Crease\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2012/04/05 19:21:20 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/04/05 19:17:48 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/04 11:36:39 | 000,015,224 | ---- | M] () -- C:\Users\Crease\Desktop\crain-562_1.jpg [2012/04/02 11:40:10 | 000,000,088 | ---- | M] () -- C:\Windows\ENX420.ini [2012/04/02 11:36:53 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Crease\Desktop\*.tmp files -> C:\Users\Crease\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/22 09:30:28 | 000,896,346 | ---- | C] () -- C:\Users\Crease\Desktop\printingplease___.zip [2012/04/05 19:17:48 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/04 11:36:38 | 000,015,224 | ---- | C] () -- C:\Users\Crease\Desktop\crain-562_1.jpg [2012/04/02 12:47:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/02 10:38:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012/01/26 14:29:26 | 000,007,605 | ---- | C] () -- C:\Users\Crease\AppData\Local\Resmon.ResmonCfg [2011/12/03 22:51:49 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/12/03 22:51:49 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/12/01 15:16:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011/08/18 13:45:48 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/08/18 13:45:48 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/08/10 19:06:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys [2011/08/10 19:05:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe [2011/05/18 07:33:18 | 000,149,504 | ---- | C] () -- C:\Users\Crease\AppData\Roaming\SharedSettings.ccs [2011/05/08 18:19:41 | 000,134,078 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe [2011/02/27 11:55:47 | 000,006,144 | ---- | C] () -- C:\Users\Crease\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/19 09:26:43 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/01/19 09:26:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5A42CE820B.sys [2010/10/28 15:13:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010/10/28 15:13:39 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010/10/28 15:13:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010/10/28 15:13:39 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010/10/28 15:13:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010/10/28 15:13:39 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010/10/28 15:13:39 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010/10/28 15:13:39 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010/10/28 15:13:39 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010/10/28 15:13:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010/10/28 15:13:39 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010/10/28 15:13:39 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010/10/28 15:13:39 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010/10/28 15:13:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010/10/28 15:09:41 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini [2010/10/22 06:49:29 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI [2010/10/22 06:32:23 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll [2010/10/22 06:32:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/10/22 06:32:23 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2010/10/22 06:32:23 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2010/10/22 06:32:23 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/10/22 06:32:23 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll ========== LOP Check ========== [2011/10/28 06:44:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\ACASystems [2011/01/19 09:26:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\ACT [2011/05/05 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Amazon [2011/02/01 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\AnvSoft [2011/09/29 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Avery [2012/04/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Azureus [2012/02/22 13:16:11 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Babylon [2011/05/09 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/10/04 08:36:43 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\CoffeeCup Software [2010/09/28 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\com.powerade.pulse.E05451257EBCF1128D1DCCD636C4C762D9BC275D.1 [2011/03/31 11:19:09 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Epson [2012/01/11 21:43:55 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\eTeks [2011/09/12 17:42:20 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\IObit [2011/01/19 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\IsolatedStorage [2011/10/04 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Leadertech [2011/04/21 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\NCH Swift Sound [2011/04/18 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Opera [2011/11/22 14:25:27 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\PDFlite [2010/10/20 21:34:03 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Sony [2011/02/01 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/04/05 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\StreamTorrent [2010/11/05 08:12:04 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\Thinstall [2011/11/22 14:21:05 | 000,000,000 | ---D | M] -- C:\Users\Crease\AppData\Roaming\WeatherBug [2012/04/25 13:32:05 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000Core.job [2012/04/26 10:32:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4032758191-1996813104-509463509-1000UA.job [2012/01/03 22:26:52 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\Users\Crease\Documents\Untitled Attachment:SummaryInformation < End of report > OTL Extras logfile created on: 4/26/2012 11:06:11 AM - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Crease\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.97% Memory free 6.74 Gb Paging File | 2.64 Gb Available in Paging File | 39.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 10.62 Gb Free Space | 11.42% Space Free | Partition Type: NTFS Computer Name: CREASE-PC | User Name: Crease | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0964B777-BCDB-41CA-A1A0-329C8C4ABA97}" = lport=137 | protocol=17 | dir=in | app=system | "{12FDE9AE-6E77-442A-991E-BBB99919466B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1540C8C3-F046-4230-9F5F-2CCB789B40F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1F35A129-0E33-4947-90AB-5B00921D4F96}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20124D2F-ACD6-49FB-AE71-5D1AAF2E8F10}" = rport=10243 | protocol=6 | dir=out | app=system | "{20181D4A-7FA7-4A8B-AE19-9D68CCEE84FA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3CCC6A3C-C82A-4ADC-9D9E-5C1A3FB222EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BBD8487-9307-4E9B-857B-BCA24B40EC9D}" = lport=10243 | protocol=6 | dir=in | app=system | "{4DC48384-C791-4870-B5B1-3F085DA61962}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{50939ECC-3CD7-4057-8030-5A6791BC9D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{577EC96D-D836-47F2-9FB7-BC23055EE704}" = lport=445 | protocol=6 | dir=in | app=system | "{5AAC2BC5-6F8D-4927-BDD8-70502F8E9DAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5DA06F0C-1C5C-45D8-A77D-C9E02A4C9D57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{65123A0E-23C7-4C5B-9D0F-33467750B53A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7A37878B-C94E-4093-974B-42BDE9713618}" = lport=138 | protocol=17 | dir=in | app=system | "{8256C605-A351-4F9B-8E32-46CC478B3A42}" = rport=138 | protocol=17 | dir=out | app=system | "{847BE0B1-2AE1-4A91-A9EE-337A215866A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{90B01A6A-35AE-45DC-A410-5BC265CB2D52}" = lport=12345 | protocol=6 | dir=in | name=motorola helper | "{9EF44006-6AA0-44A6-A9E4-C6D4DFBBB78C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{A863DC60-18E1-4C28-A089-AC309F97FEDF}" = lport=139 | protocol=6 | dir=in | app=system | "{ABB80837-263C-4A3D-A27D-942119E4DBBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ADD953D7-7087-4F4C-A98D-9CD7125D69AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE3720A6-B29C-4B4C-BF9B-786A62B59DE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B06514F5-416C-4561-B13A-FF5A857018EA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C0D1BF73-59D2-41E0-B398-C9B13E829B8F}" = rport=445 | protocol=6 | dir=out | app=system | "{CDBFAF85-193F-4C63-89E9-1645C8833EA6}" = lport=2869 | protocol=6 | dir=in | app=system | "{D17774F5-A691-490E-B7DB-66A9DC01B0C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D3616EF1-4C17-4C91-A99C-CD3F3F9EEC08}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EF05C6E4-BD96-433D-88F5-B9DB94C62BA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F2A3CAC3-56C9-4E7B-8F86-65C0884018FD}" = rport=137 | protocol=17 | dir=out | app=system | "{F3BBDAFE-34C7-4998-8F88-A571B605132F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F8519472-DBE0-4C0E-94B9-6AB7B9C57D96}" = rport=139 | protocol=6 | dir=out | app=system | "{F9AB0B29-AA09-4782-A041-0991E68C3419}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002C5928-843D-41AA-B88A-6BBF1A726F07}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{0454E8E8-1375-4C7B-8704-B8D5B3F1DBAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0DDDFCFC-7D36-4AA8-A695-2B77B865AEC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{17083D0C-3496-4426-84EE-F26A710F1C5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1B7E531A-AA35-464E-820C-6F9F482380B0}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{2289FF66-E1F2-42FF-AE78-B120E4DF5BFA}" = dir=in | app=c:\users\crease\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{25574F1E-A471-481B-A4BE-3FF9E1F61A2B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{2572623D-7243-4A63-AAD2-45F7C380A7A3}" = dir=in | app=c:\program files\itunes\itunes.exe | "{2B12F140-D052-414E-8DE4-7A3E3845B8E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4401B316-EE6C-4463-AA9C-A88D7AB12155}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{4B1CD8F4-B23B-46C2-B67B-6F88ED601FAE}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "{4FABF83F-3E8D-4EF0-9BA0-CB8FE09B3943}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{500A8E0B-7B2E-4164-B315-9B09FC379D1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{66F224B8-E2B2-459E-8FF6-28BB37DEB854}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{684EDB54-D17C-4967-8CF9-BA20938D8098}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{68F4A98F-3D76-483A-8E5E-463409B482D3}" = protocol=17 | dir=in | app=c:\users\crease\downloads\imageviewersetup.exe | "{6C963949-84D9-4254-B0FD-BB271964492B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{72CA5A6C-426C-4CF2-885F-A8D839E1D1A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{75A92E26-C70E-4ED4-93F9-DD459CC83578}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{7669F6CB-1B4F-4773-A3A7-0847BA027C0F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{78602B35-CA5D-41DB-B2FB-24C80274511B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7C92818A-7E30-4192-923A-E45156F80C95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7EF25FC9-78CA-4C29-8EEB-A8594EDE6955}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{7F002721-0BE3-4790-9433-F3C418CB42FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7FBA8593-9154-4BF2-BDD8-8664B2F6D9BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{812BBCD8-D612-4A1F-9700-BC93B5478F1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84BE3A9E-5700-4E2C-9B6B-30F7F98F5382}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{8D5C65C9-D7F9-4870-B4FF-CD88A6928AFF}" = protocol=6 | dir=in | app=c:\users\crease\downloads\imageviewersetup.exe | "{8FD4899D-531B-40C9-AB19-9B9C79C79C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{90559BC2-4FB4-4A82-B9A8-05C33BA27AF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CAE08F5-55B7-4782-9C00-1F7E44B45FA3}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{A7031438-4A99-4A60-AE87-C52E7CE30CF1}" = protocol=6 | dir=out | app=system | "{AF55BD6F-8125-47AE-BF70-2D611858533C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B93E6B0F-8A0D-4BBC-980E-19006B4B1EA0}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{BFA3A68E-26B0-4F5C-ADAD-B38C1F563976}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C335316F-AEC6-4664-B306-09C81B9475E6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{C4F432B3-394E-4D10-9164-C3FB4B8E7541}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA6D3F28-764F-4DD3-B6E8-F4F9113D686C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CD5953C2-83F3-4E82-9F90-B80BCAA1D8AF}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "{CDC964C9-3E8C-4262-A340-4FC84AC11B23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CF54AD5B-AC64-45A9-917F-99728F986169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{D2197D8B-2AA1-4C1F-8B4C-09475A3AA486}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{E4D1CEDA-7338-4C66-BF00-74619DD3628B}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{E7B6E3A7-CA91-4F60-B283-99B489375B28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{1FD475EF-150C-4FB2-8B94-432291413932}C:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "TCP Query User{2822C698-C979-403D-8AC9-14942204F85E}C:\program files\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files\act\act for windows\actsage.exe | "TCP Query User{2DBD51BF-0195-4F87-8CCC-D6B8AD2AF948}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{2DFB109C-7E4E-4A72-B3AE-F7CB2530C0BA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{5DC2D5CD-484A-4176-80F3-374D11E53127}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{629DB2ED-EF9F-438D-B6B2-132C77C572FB}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{7104B38C-CD4C-4E78-AD0D-400C68C59F56}C:\program files\java\jre1.5.0_20\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_20\bin\javaw.exe | "TCP Query User{9106C84B-B8FD-4F05-B524-F98F6DAC58FD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{B562C6B0-019F-45B0-A551-2FB7DCDC59FD}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{D6493256-1351-4EB6-AAD4-43BC5127E67F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{F457F2A5-3FF7-4592-8D03-64108CEC581E}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe | "UDP Query User{2CC04A8F-0A59-443C-B19B-B53ECBE6242A}C:\program files\java\jre1.5.0_20\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_20\bin\javaw.exe | "UDP Query User{31F4D303-46CB-42BE-B17C-AE0FA99B4D13}C:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\crease\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "UDP Query User{511787F3-0837-46F8-9840-2D199B6E4464}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{A4792340-C074-45B1-BA50-168BCE14C319}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{A73A8876-50C6-45D6-BA80-26FDC7867E0A}C:\program files\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files\act\act for windows\actsage.exe | "UDP Query User{ADACCD37-BDFE-4236-8167-97C00C2DF03F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{B8E8AECD-AF04-422B-9739-C3FB1520A10A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{BDC511A8-E59F-4271-B6E7-660782DC38C6}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe | "UDP Query User{E5FA66EA-0476-4D33-AB6C-81EB35752FEA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{E714A6F5-38AB-460A-B669-9C084187006E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{EF878373-9A82-4B43-92BA-B3A5EC84A1AC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1C23A809-EE16-453B-8CD6-94443B917839}" = Mototools Software Update "{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29 "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3248F0A8-6813-11D6-A77B-00B0D0150200}" = J2SE Runtime Environment 5.0 Update 20 "{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0 "{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8 "{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client "{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{60C7374C-B546-45DE-A578-2E29BA8C3F1C}" = Moto Helper Service "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}" = CoffeeCup Free FTP "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0 "{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English) "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC90EAE9-0E03-44A1-BF36-0B670B8B8E19}" = CoffeeCup Direct FTP "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI "{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Any Video Converter_is1" = Any Video Converter 3.1.8 "AppInventor Setup" = AppInventor Setup "avast" = avast! Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "ColorPic" = ColorPic "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50 "EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall "EPSON Scanner" = EPSON Scan "ExpressBurn" = Express Burn Disc Burning Software "ExpressRip" = Express Rip "FLV Pro Player" = FLV Pro Player "Google Chrome" = Google Chrome "Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181 "HDMI" = Intel® Graphics Media Accelerator Driver "Hide IP Platinum_is1" = Hide IP Platinum 3.43 "Homepage Protection Service" = Homepage Protection Service "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers. "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281) "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0 "MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0 "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Opera 11.51.1087" = Opera 11.51 "Opera 11.62.1347" = Opera 11.62 "PDFlite" = PDFlite 0.5 "PDFLite Toolbar" = PDFLite Toolbar "Picasa 3" = Picasa 3 "Prism" = Prism Video File Converter "RealPlayer 12.0" = RealPlayer "Setup Support for Weatherbug" = Setup Support for Weatherbug 1.0 "Smart Defrag 2_is1" = Smart Defrag 2 "StartNow Toolbar" = StartNow Toolbar "StreamTorrent 1.0" = StreamTorrent 1.0 "Switch" = Switch Sound File Converter "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tele Hypnosis Pro De Luxe Multisession 4" = Tele Hypnosis Pro De Luxe Multisession 4 "VLC media player" = VLC media player 1.1.11 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "WavePad" = WavePad Sound Editor "WinRAR archiver" = WinRAR archiver "Xvid_is1" = Xvid 1.2.1 final uninstall "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4032758191-1996813104-509463509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Notepad App" = Notepad App ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > -
HI, I'm obviously very infected at this point. Everything has become very slow and removal tools not helping much. Thanks in advance for help. Really appreciate it. Steve . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29 Run by Crease at 7:45:30 on 2012-04-26 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3062.584 [GMT -5:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\RamBooster 2.0\Rambooster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\Vuze\Azureus.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Windows\system32\rundll32.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = 192.168.*.*;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: TheBflix Class: {284d58e1-2ba6-416d-9c79-1c703ac51823} - c:\programdata\thebflix\bhoclass.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: PDFLite Toolbar Helper: {7413f9fc-8e54-4c93-beb7-1225eb0970ca} - c:\program files\pdflite toolbar\Toolbar32.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\search toolbar\tbcore3.dll TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - c:\program files\search toolbar\tbcore3.dll TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: PDFLite Toolbar: {7c8aceeb-b1d8-43cc-a387-da838515368d} - c:\program files\pdflite toolbar\Toolbar32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File uRun: [Facebook Update] "c:\users\crease\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [AdobeBridge] uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_SCA60.tmp" /EF "HKCU" uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe" mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\users\crease\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\users\crease\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0} : DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\2456C6B696E6F574F505C65737F5D494D4F4F5738353030303 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\24573747562747F677E602F46666963656 : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8 TCP: Interfaces\{7FB32EA8-A467-4012-A827-9B8D0AB3B7F0}\65562796A7F6E602D494649443531303C4024463449302355636572756 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\crease\appdata\roaming\mozilla\firefox\profiles\kxx1n4pw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109878&babsrc=adbartrp&mntrId=fcc061a300000000000000a0d156c51d&q= FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\pdflite\npPdfViewer.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\crease\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109878 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - fcc061a300000000000000a0d156c51d FF - user.js: extensions.BabylonToolbar_i.hardId - fcc061a300000000000000a0d156c51d FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17:57 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-30 64512] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-18 16184] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-30 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-30 337880] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-30 20696] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-30 57688] R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-8-10 17984] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-24 40776] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480] S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2012-04-14 02:20:35 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-14 02:20:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-24 13:25:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr 2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys . ============= FINISH: 7:48:49.86 =============== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:53:45 AM, on 4/26/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16839) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\RamBooster 2.0\Rambooster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files\Vuze\Azureus.exe C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\Windows\system32\rundll32.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Crease\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/? AF=109878&babsrc=HP_ss&mntrId=fcc061a300000000000000a0d156c51d R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/? LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat \ActiveX\AcroIEHelperShim.dll O2 - BHO: TheBflix - {284D58E1-2BA6-416D-9C79-1C703AC51823} - C:\ProgramData\TheBflix\bhoclass.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C: \PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: PDFLite Toolbar Helper - {7413F9FC-8E54-4c93-BEB7-1225EB0970CA} - C:\Program Files\PDFLite Toolbar \Toolbar32.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast \aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin \jp2ssv.dll O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll (file missing) O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll (file missing) O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote \prxtbVuze.dll O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar \Toolbar32.dll (file missing) O3 - Toolbar: PDFLite Toolbar - {7C8ACEEB-B1D8-43cc-A387-DA838515368D} - C:\Program Files\PDFLite Toolbar \Toolbar32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast \aswWebRepIE.dll O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKLM\..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support \AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Crease\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE /FU "C:\Windows \TEMP\E_SCA60.tmp" /EF "HKCU" O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office \Office14\ONENOTEM.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe \Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX \AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat \ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX \AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office \Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files \Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy \SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files \Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C: \Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support \AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files \EPSON\EPW!3 SSRP\E_S50ST7.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files \EPSON\EPW!3 SSRP\E_S50RP7.EXE O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update \GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update \GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater \GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper \MotoHelperService.exe O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files\Motorola\Moto Helper Service \MotoHelper.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe \SwitchBoard\SwitchBoard.exe O23 - Service: Updater Service for PDFLite Toolbar - Unknown owner - C:\Program Files\PDFLite Toolbar \ToolbarUpdaterService.exe O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar \ToolbarUpdaterService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate \YahooAUService.exe -- End of file - 12260 bytes