TechSpot

Home page hijacked

Solved
By Doug8765
Jan 20, 2013
  1. Hi -
    I downloaded a piece of software that, among the other things it did, changed my homepage to mywebsearch.com. Even though I can put google.com in as my homepage, I keep getting mywebsearch.com.

    What do I have to do to remove all the mywebsearch.com stuff? I use Firefox, IE and Chrome.

    Doug
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there...do the following please:

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
     
  3. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hello DragonMaster Jay -
    I attach the Malwarebytes logs and the AdwCleaner log. On running JRT I got an error dialog saying that it could not create the system file for the registry backup. I attach the image of that dialog. Seemed like a good reason to kill the process.

    At this point I'll be going outside for awhile, but will be back later this afternoon.

    Thank you for your help.

    Doug
     

    Attached Files:

  4. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi again -
    I reran JRT (as administrator) to get the first error dialog. That's attached.

    Most features of the hijacking are now gone, but the RadioRage toolbar still comes up, which I then have to manually unselect.

    Doug
     

    Attached Files:

  5. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi again -
    I was wrong about mywebsearch.com features going away. New tabs still bring it up in firefox.

    Doug
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's do AdwCleaner and MBAM once again please... and then this:

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi DragonMaster Jay -
    I reran Malwarebytes (which I do everyday, but only with Quickscan) with the full scan. I also successfully ran AdwCleaner. Those text files are attached.

    I was unable to run ComboFix in regular mode. I disabled the Comodo and Avast software. It starts, extracts and puts up the registry backup dialog and then it's done. There's no .txt in the ComboFix directory.

    I tried safe mode, but it objected after starting up that Comodo was running. I don't know how to disable Comodo in safe mode. I didn't know it even ran in safe mode.

    Doug
     

    Attached Files:

  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
     
  9. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi -
    I am attaching the RogueKiller files - 3 files.

    Here is the output of the TDSSKiller app. There was a mismatch between the instructions and the prompts, so I did the best I could. (For example, the instructions start with "Double-click on TDSSKiller.exe to run the application, then click on Change parameters. For Windows XP, double-click to start. For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run." When I double-clicked on TDSSKiller.exe and clicked on Change parameters there was no ability to do a right-click and Run as administrator.)

    [The text files were too large to paste - I was not allowed to post them when they were pasted. I have attached them as well, but as a single agglomerated text file to facilitate your reading - as if they were pasted.]

    Thanks for your persistence on this problem.

    Doug
     

    Attached Files:

  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good work!

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
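An added example for readers of this thread (not code from the thread or from OTL's author): a small Python triage script for the OTL.txt that the post above asks for. It assumes the entry shapes OTL writes, as they appear in the log Doug posts next (PRC/MOD/SRV/DRV binary entries, IE registry values, FF prefs.js and MozillaPlugins lines), and flags what a helper reads first: references to the mywebsearch.com/RadioRage hijack named in this thread, registrations whose file is gone ("File not found", the orphaned toolbar plugin being the classic leftover), binaries with no company name, and the hosts that each browser's start page and search settings point at. The sample log lines and the URL in the keyword.URL line are constructed for the example, and the suspect-term list is an assumption to be extended per case.

```python
"""Triage an OTL log (OTL.txt) for browser-hijack indicators.
Added example for this thread, not OTL's own code; assumes the entry
shapes OTL writes. Sample lines below are constructed."""
import re
import sys
from dataclasses import dataclass
from urllib.parse import urlparse

# Terms this thread ties to the hijack (mywebsearch.com redirect, RadioRage
# toolbar). Extending the list per case is an assumption of this example.
SUSPECT_TERMS = ("mywebsearch", "radiorage")

# "PRC - body", "SRV:64bit: - body", "FF - body", "IE:64bit: - body" ...
ENTRY_RE = re.compile(
    r"^\s*(?P<kind>PRC|MOD|SRV|DRV|IE|FF)(?::64bit:)?\s+-\s+(?P<body>.+?)\s*$"
)
# Binary body: "[date | size | attrs | M] (Company) [state] -- path -- (name)"
BINARY_RE = re.compile(
    r"^\[(?P<meta>[^\]]*)\]\s+\((?P<company>[^)]*)\)"
    r"(?:\s+\[(?P<state>[^\]]*)\])?\s+--\s+(?P<path>.*?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\))?$"
)
URL_RE = re.compile(r"https?://[^\s\"']+")


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str       # PRC, MOD, SRV, DRV, IE or FF
    category: str   # hijack-indicator, missing-file, no-company, browser-url
    detail: str


def parse_entry(line):
    """(kind, body) for an OTL entry line; None for headers and blank lines."""
    m = ENTRY_RE.match(line)
    return (m.group("kind"), m.group("body")) if m else None


def triage_line(line_no, line):
    """Classify one OTL line; a single line can yield several findings."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    kind, body = parsed
    lowered = body.lower()
    findings = []
    hits = [t for t in SUSPECT_TERMS if t in lowered]
    if hits:
        findings.append(Finding(line_no, kind, "hijack-indicator", ", ".join(hits)))
    # OTL marks orphaned registrations: a plugin or service whose file is gone.
    if "file not found" in lowered:
        findings.append(Finding(line_no, kind, "missing-file", body))
    if kind in ("PRC", "MOD", "SRV", "DRV"):
        bm = BINARY_RE.match(body)
        # Empty "()" = no company name in the binary's version info; a triage
        # hint to look closer, not proof of malice.
        if bm and not bm.group("company").strip():
            findings.append(Finding(line_no, kind, "no-company", bm.group("path")))
    else:
        # IE/FF lines: record the host each start page / search setting targets.
        for url in URL_RE.findall(body):
            findings.append(Finding(line_no, kind, "browser-url",
                                    urlparse(url).hostname or ""))
    return findings


def triage_log(text):
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        findings.extend(triage_line(n, line))
    return findings


def summarize(findings):
    """Group findings by category, preserving log order within each."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f.category, []).append(f)
    return grouped


def hijacked_hosts(findings):
    """Browser-setting hosts that match a suspect term."""
    return sorted({f.detail for f in findings if f.category == "browser-url"
                   and any(t in f.detail.lower() for t in SUSPECT_TERMS)})


# Constructed sample mirroring the line shapes in the thread's OTL log.
SAMPLE_LOG = "\n".join([
    r"PRC - [2013/01/22 21:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\OTL.exe",
    r"MOD - [2013/01/21 14:31:29 | 000,571,392 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\pysqlite2._sqlite.pyd",
    r"SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)",
    r"SRV - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)",
    r"IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com",
    r'FF - prefs.js..browser.startup.homepage: "https://www.google.com/"',
    r'FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/?searchfor="',  # constructed URL
    r"FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found",
])


def main(path=None):
    if path:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    findings = triage_log(text)
    for category, items in sorted(summarize(findings).items()):
        print(f"== {category} ({len(items)})")
        for f in items:
            print(f"  line {f.line_no:>4} [{f.kind}] {f.detail}")
    print("hijacked hosts:", hijacked_hosts(findings))


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it with no argument to see the constructed sample classified, or pass a saved OTL.txt as the first argument. On the sample it reports the keyword.URL line and the RadioRage plugin line as hijack indicators, both "File not found" registrations, the two binaries with an empty company field, and search.mywebsearch.com as the one browser-setting host matching a suspect term; the no-company and browser-url categories are inventories to read, not verdicts.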
  11. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi DragonMaster Jay -
    Here it is:
    OTL logfile created on: 1/22/2013 9:13:15 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.19% Memory free
    15.93 Gb Paging File | 13.68 Gb Available in Paging File | 85.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.69 Gb Total Space | 483.58 Gb Free Space | 70.42% Space Free | Partition Type: NTFS
    Drive D: | 11.84 Gb Total Space | 2.13 Gb Free Space | 17.96% Space Free | Partition Type: NTFS
    Drive J: | 298.01 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

    Computer Name: HPQUAD | User Name: Doug | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/22 21:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\OTL.exe
    PRC - [2013/01/08 17:47:17 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    PRC - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/11/15 21:47:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Doug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/15 15:57:38 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/09/14 19:22:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/21 14:31:29 | 000,571,392 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\pysqlite2._sqlite.pyd
    MOD - [2013/01/21 14:31:29 | 000,096,256 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32api.pyd
    MOD - [2013/01/21 14:31:29 | 000,086,016 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\_elementtree.pyd
    MOD - [2013/01/21 14:31:29 | 000,040,448 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\_socket.pyd
    MOD - [2013/01/21 14:31:29 | 000,023,040 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32ts.pyd
    MOD - [2013/01/21 14:31:28 | 001,024,616 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\windows._cacheinvalidation.pyd
    MOD - [2013/01/21 14:31:28 | 000,792,576 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._gdi_.pyd
    MOD - [2013/01/21 14:31:28 | 000,263,168 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32com.shell.shell.pyd
    MOD - [2013/01/21 14:31:28 | 000,153,088 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\pyexpat.pyd
    MOD - [2013/01/21 14:31:28 | 000,070,656 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._html2.pyd
    MOD - [2013/01/21 14:31:28 | 000,017,920 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32profile.pyd
    MOD - [2013/01/21 14:31:28 | 000,011,776 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32crypt.pyd
    MOD - [2013/01/21 14:31:27 | 000,731,136 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._misc_.pyd
    MOD - [2013/01/21 14:31:27 | 000,354,304 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\pythoncom26.dll
    MOD - [2013/01/21 14:31:27 | 000,110,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\PyWinTypes26.dll
    MOD - [2013/01/21 14:31:27 | 000,073,728 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\_ctypes.pyd
    MOD - [2013/01/21 14:31:26 | 000,645,120 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\_ssl.pyd
    MOD - [2013/01/21 14:31:26 | 000,110,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32security.pyd
    MOD - [2013/01/21 14:31:26 | 000,022,528 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32pdh.pyd
    MOD - [2013/01/21 14:31:25 | 001,169,408 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._core_.pyd
    MOD - [2013/01/21 14:31:25 | 000,036,352 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32process.pyd
    MOD - [2013/01/21 14:31:24 | 000,807,424 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._windows_.pyd
    MOD - [2013/01/21 14:31:24 | 000,311,808 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\_hashlib.pyd
    MOD - [2013/01/21 14:31:24 | 000,121,856 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._wizard.pyd
    MOD - [2013/01/21 14:31:24 | 000,111,104 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32file.pyd
    MOD - [2013/01/21 14:31:23 | 000,039,424 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32inet.pyd
    MOD - [2013/01/21 14:31:22 | 001,056,256 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\wx._controls_.pyd
    MOD - [2013/01/21 14:31:21 | 000,585,728 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\unicodedata.pyd
    MOD - [2013/01/21 14:31:21 | 000,017,920 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\win32event.pyd
    MOD - [2013/01/21 14:31:21 | 000,011,776 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36562\select.pyd
    MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV:64bit: - [2012/11/07 18:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
    SRV - [2013/01/18 23:38:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 18:47:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/03/05 13:16:38 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/03/09 17:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto | Stopped] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/07 14:02:22 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/01 14:29:14 | 000,078,928 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
    DRV:64bit: - [2011/07/15 15:12:44 | 000,258,224 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/08/20 15:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/12/29 21:48:33 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3ED1A161-7CD4-445F-B9A8-B8A40A008C45}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{CEC019A3-2714-47A9-8D78-0B71F2C46863}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3ED1A161-7CD4-445F-B9A8-B8A40A008C45}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{CEC019A3-2714-47A9-8D78-0B71F2C46863}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE D2 46 C8 E3 53 CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {6EAE3D8E-5EF4-4BD4-87EC-9505FB7C6E66}
    IE - HKCU\..\SearchScopes\{6EAE3D8E-5EF4-4BD4-87EC-9505FB7C6E66}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
    FF - prefs.js..extensions.enabledAddons: del.icio.us%40askin.ws:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
    FF - prefs.js..extensions.enabledAddons: %7Bd93e6838-8272-4382-a0fb-36a56db176c5%7D:1.5
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.7
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
    FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...008&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/11/24 11:02:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/12 10:31:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files (x86)\RadioRage_4j\bar\1.bin [2013/01/20 10:01:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 23:38:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 23:38:21 | 000,000,000 | ---D | M]

    [2009/10/22 15:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
    [2013/01/20 10:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions
    [2011/07/12 22:36:21 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2012/10/14 11:09:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/10/03 17:35:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/01/20 08:32:14 | 000,000,000 | ---D | M] (RadioRage) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\4jffxtbr@RadioRage_4j.com
    [2012/09/19 16:44:19 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\amznUWL2@amazon.com.xpi
    [2012/10/14 13:22:59 | 000,014,052 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\del.icio.us@askin.ws.xpi
    [2012/10/14 13:22:59 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
    [2009/10/23 08:47:06 | 000,002,171 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\searchplugins\bing.xml
    [2013/01/18 23:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/18 23:38:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/18 23:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/11/12 10:31:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2013/01/18 23:38:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/06/22 21:23:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.bing.com/
    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR - homepage: http://www.bing.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2011/11/20 03:01:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [SkyDrive] C:\Users\Doug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2AD852-4733-446D-8134-5F28B4CD57F2}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2AD852-4733-446D-8134-5F28B4CD57F2}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B33D97-8497-4BC3-876D-4BBD2E8E8788}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B33D97-8497-4BC3-876D-4BBD2E8E8788}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/19 00:34:56 | 000,000,032 | ---- | M] () - J:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/21 21:52:20 | 000,000,000 | ---D | C] -- C:\Users\Doug\Desktop\RK_Quarantine
    [2013/01/21 14:31:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/21 14:12:00 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/01/21 14:11:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/21 14:11:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2013/01/20 11:45:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/20 11:44:53 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/20 08:32:21 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\RadioRage_4j
    [2013/01/20 08:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadioRage_4j
    [2013/01/18 23:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/14 18:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/14 18:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/07 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/12/28 07:39:27 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Programs
    [2012/12/24 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2012/12/24 14:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/24 14:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/12/24 14:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/12/24 14:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/12/24 14:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    ========== Files - Modified Within 30 Days ==========

    [2013/01/22 21:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4032159327-3157157313-2726375902-1000UA.job
    [2013/01/22 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/22 20:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/22 20:27:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/22 17:02:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4032159327-3157157313-2726375902-1000Core.job
    [2013/01/22 14:23:19 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDoug.job
    [2013/01/22 04:34:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/22 04:34:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/21 14:29:55 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/01/21 14:29:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/21 14:29:35 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/21 14:12:00 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
    [2013/01/19 20:35:37 | 000,002,082 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/10 03:29:12 | 000,372,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/07 14:02:22 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    ========== Files Created - No Company Name ==========

    [2013/01/21 14:12:00 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
    [2013/01/07 14:02:39 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2012/06/20 15:26:04 | 000,060,304 | ---- | C] () -- C:\Users\Doug\g2mdlhlpx.exe
    [2012/04/03 22:08:14 | 000,000,025 | ---- | C] () -- C:\Users\Doug\dougscan.bat
    [2012/03/11 12:29:10 | 000,001,459 | ---- | C] () -- C:\Users\Doug\gsview64.ini
    [2012/01/01 21:48:43 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/01/01 21:48:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/11/20 02:54:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/20 02:54:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/20 02:54:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/20 02:54:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/20 02:54:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/19 19:22:59 | 000,000,000 | ---- | C] () -- C:\Users\Doug\AppData\Local\{1F27879C-3BF5-4336-BA6A-00D39B8B3F6B}
    [2011/11/17 10:58:42 | 000,164,104 | ---- | C] () -- C:\Users\Doug\AppData\Local\census.cache
    [2011/11/17 10:58:39 | 000,114,525 | ---- | C] () -- C:\Users\Doug\AppData\Local\ars.cache
    [2011/11/17 10:54:37 | 000,000,036 | ---- | C] () -- C:\Users\Doug\AppData\Local\housecall.guid.cache
    [2011/10/26 17:14:44 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319667278.bdinstall.bin
    [2011/10/26 17:12:57 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319667172.bdinstall.bin
    [2011/10/26 17:05:46 | 000,007,606 | ---- | C] () -- C:\Users\Doug\AppData\Local\Resmon.ResmonCfg
    [2011/10/26 16:39:39 | 000,148,729 | ---- | C] () -- C:\ProgramData\1319665086.bdinstall.bin
    [2011/10/26 16:38:06 | 000,023,975 | ---- | C] () -- C:\ProgramData\1319665085.bdinstall.bin
    [2011/10/26 10:11:30 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319641883.bdinstall.bin
    [2011/10/25 22:15:21 | 000,204,091 | ---- | C] () -- C:\ProgramData\1319598661.bdinstall.bin
    [2011/10/25 22:02:56 | 000,166,240 | ---- | C] () -- C:\ProgramData\1319598111.bdinstall.bin
    [2011/10/25 21:58:07 | 000,094,087 | ---- | C] () -- C:\ProgramData\1319597729.bdinstall.bin
    [2011/10/25 21:30:35 | 000,214,848 | ---- | C] () -- C:\ProgramData\1319595922.bdinstall.bin
    [2011/10/25 21:18:41 | 000,095,205 | ---- | C] () -- C:\ProgramData\1319595405.bdinstall.bin
    [2011/10/22 18:51:50 | 000,190,222 | ---- | C] () -- C:\ProgramData\1319327154.bdinstall.bin
    [2011/06/08 11:29:06 | 000,704,793 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/06/08 11:29:06 | 000,003,668 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/06/09 18:16:03 | 000,835,732 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\DouglasWRoberts.zip
    [2010/02/25 23:14:26 | 000,000,025 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\bdfvconp.ini
    [2009/10/23 06:31:04 | 000,000,272 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\wklnhst.dat
    [2009/10/22 13:59:54 | 001,835,008 | ---- | C] () -- C:\Users\Doug\NTUSER.bak

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/10/26 17:38:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitDefender
    [2013/01/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitTorrent
    [2011/03/30 11:22:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FileOpen
    [2010/07/12 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Foxit Software
    [2009/12/22 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\IObit
    [2009/10/22 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\OEC
    [2011/11/13 01:45:08 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Opera
    [2012/11/10 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PC Health Doc PDF Reader
    [2012/10/22 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PeaZip
    [2009/10/22 15:07:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PictureMover
    [2011/10/25 09:13:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QuickScan
    [2010/08/06 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Registry Mechanic
    [2011/01/12 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Stellarium
    [2009/10/23 06:31:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Template
    [2010/11/13 11:50:26 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WildTangent
    [2009/11/13 15:09:54 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WinBatch
    [2011/01/29 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    Once done, post fixlog and new OTL Quick Scan, please. ;)
     
  13. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi DragonMaster Jay -
The first time I ran OTL.exe and Run Fix, it crashed the computer.
    The second time it ran to completion, but there was no log file. Under MovedFiles there was a directory for today, but it is empty.

    Here is the first part of the output of the newest run of OTL.exe QuickScan. I believe I'll be able to do this in two posts:
    OTL logfile created on: 1/23/2013 12:47:58 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.02% Memory free
    15.93 Gb Paging File | 14.18 Gb Available in Paging File | 89.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.69 Gb Total Space | 481.95 Gb Free Space | 70.18% Space Free | Partition Type: NTFS
    Drive D: | 11.84 Gb Total Space | 2.13 Gb Free Space | 17.96% Space Free | Partition Type: NTFS
    Drive J: | 298.01 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

    Computer Name: HPQUAD | User Name: Doug | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/22 21:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013\OTL.exe
    PRC - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/11/15 21:47:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Doug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/14 19:22:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/23 12:43:42 | 001,024,616 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\windows._cacheinvalidation.pyd
    MOD - [2013/01/23 12:43:42 | 000,792,576 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._gdi_.pyd
    MOD - [2013/01/23 12:43:42 | 000,731,136 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._misc_.pyd
    MOD - [2013/01/23 12:43:42 | 000,571,392 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\pysqlite2._sqlite.pyd
    MOD - [2013/01/23 12:43:42 | 000,354,304 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\pythoncom26.dll
    MOD - [2013/01/23 12:43:42 | 000,263,168 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32com.shell.shell.pyd
    MOD - [2013/01/23 12:43:42 | 000,153,088 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\pyexpat.pyd
    MOD - [2013/01/23 12:43:42 | 000,110,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\PyWinTypes26.dll
    MOD - [2013/01/23 12:43:42 | 000,096,256 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32api.pyd
    MOD - [2013/01/23 12:43:42 | 000,086,016 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\_elementtree.pyd
    MOD - [2013/01/23 12:43:42 | 000,073,728 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\_ctypes.pyd
    MOD - [2013/01/23 12:43:42 | 000,070,656 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._html2.pyd
    MOD - [2013/01/23 12:43:42 | 000,040,448 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\_socket.pyd
    MOD - [2013/01/23 12:43:42 | 000,023,040 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32ts.pyd
    MOD - [2013/01/23 12:43:42 | 000,017,920 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32profile.pyd
    MOD - [2013/01/23 12:43:42 | 000,011,776 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32crypt.pyd
    MOD - [2013/01/23 12:43:41 | 001,169,408 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._core_.pyd
    MOD - [2013/01/23 12:43:41 | 001,056,256 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._controls_.pyd
    MOD - [2013/01/23 12:43:41 | 000,807,424 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._windows_.pyd
    MOD - [2013/01/23 12:43:41 | 000,645,120 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\_ssl.pyd
    MOD - [2013/01/23 12:43:41 | 000,585,728 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\unicodedata.pyd
    MOD - [2013/01/23 12:43:41 | 000,311,808 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\_hashlib.pyd
    MOD - [2013/01/23 12:43:41 | 000,121,856 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\wx._wizard.pyd
    MOD - [2013/01/23 12:43:41 | 000,111,104 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32file.pyd
    MOD - [2013/01/23 12:43:41 | 000,110,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32security.pyd
    MOD - [2013/01/23 12:43:41 | 000,039,424 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32inet.pyd
    MOD - [2013/01/23 12:43:41 | 000,036,352 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32process.pyd
    MOD - [2013/01/23 12:43:41 | 000,022,528 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32pdh.pyd
    MOD - [2013/01/23 12:43:41 | 000,017,920 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\win32event.pyd
    MOD - [2013/01/23 12:43:41 | 000,011,776 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36762\select.pyd
    MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV:64bit: - [2012/11/07 18:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
    SRV - [2013/01/18 23:38:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 18:47:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/03/05 13:16:38 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/03/09 17:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/07 14:02:22 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/01 14:29:14 | 000,078,928 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
    DRV:64bit: - [2011/07/15 15:12:44 | 000,258,224 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/08/20 15:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/12/29 21:48:33 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3ED1A161-7CD4-445F-B9A8-B8A40A008C45}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{CEC019A3-2714-47A9-8D78-0B71F2C46863}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3ED1A161-7CD4-445F-B9A8-B8A40A008C45}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{CEC019A3-2714-47A9-8D78-0B71F2C46863}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE D2 46 C8 E3 53 CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {6EAE3D8E-5EF4-4BD4-87EC-9505FB7C6E66}
    IE - HKCU\..\SearchScopes\{6EAE3D8E-5EF4-4BD4-87EC-9505FB7C6E66}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
    FF - prefs.js..extensions.enabledAddons: del.icio.us%40askin.ws:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
    FF - prefs.js..extensions.enabledAddons: %7Bd93e6838-8272-4382-a0fb-36a56db176c5%7D:1.5
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.7
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
    FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
    FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...008&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/11/24 11:02:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/12 10:31:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files (x86)\RadioRage_4j\bar\1.bin [2013/01/20 10:01:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 23:38:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 23:38:21 | 000,000,000 | ---D | M]

    [2009/10/22 15:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
    [2013/01/22 23:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions
    [2011/07/12 22:36:21 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2012/10/14 11:09:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/10/03 17:35:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/01/20 08:32:14 | 000,000,000 | ---D | M] (RadioRage) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\4jffxtbr@RadioRage_4j.com
    [2013/01/22 23:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\staged
    [2012/09/19 16:44:19 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\amznUWL2@amazon.com.xpi
    [2012/10/14 13:22:59 | 000,014,052 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\del.icio.us@askin.ws.xpi
    [2012/10/14 13:22:59 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
    [2009/10/23 08:47:06 | 000,002,171 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\searchplugins\bing.xml
    [2013/01/18 23:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/18 23:38:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/18 23:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/11/12 10:31:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2013/01/18 23:38:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/06/22 21:23:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
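The OTL output above (and its second half in the next post) is what a malware helper reads by hand for hijack indicators: a Firefox keyword.URL pointing at mywebsearch.com, toolbar and plugin registrations whose DLL is already gone ("File not found"), extension directories stamped on the day the hijack appeared, and anything else naming the same product family. The script below is an added example, not part of OTL and not the fix used in this thread; it scans OTL-format lines for those four indicators. The sample lines are copied from or modelled on the log above (the mywebsearch URL path is made up, since the post shows it truncated), and the indicator lists and the incident date are assumptions made for this example.

```python
"""Flag browser-hijack indicators in OTL log lines (added example, not OTL's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

# Assumption: small indicator lists built from what this thread shows; real triage
# would use a maintained list of search redirectors and toolbar families.
SUSPECT_DOMAINS = ("mywebsearch.com", "conduit.com")
SUSPECT_NAMES = ("mywebsearch", "conduit", "radiorage")
# Assumption: the day the original poster reported the hijacked homepage.
INCIDENT_DATE = date(2013, 1, 20)

# OTL section prefixes that describe browser settings, BHOs, toolbars and plugins
BROWSER_PREFIXES = ("FF", "IE", "CHR", "O2", "O3")
URL_RE = re.compile(r"""https?://[^\s"']+""")
# OTL file stamp: [YYYY/MM/DD HH:MM:SS | size | attributes | M]
STAMP_RE = re.compile(r"\[(\d{4})/(\d{2})/(\d{2}) \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-\w]+ \| \w\]")


@dataclass(frozen=True)
class Finding:
    kind: str   # redirect | orphan | recent | suspect_name
    line: str


def _section(line: str) -> str:
    """'O3:64bit: - ...' -> 'O3', 'FF - ...' -> 'FF', '[2013/01/20 ...' -> '[2013/01/20'."""
    return line.split(" ", 1)[0].split(":", 1)[0]


def _suspect_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def scan(log_text: str, incident: date) -> list[Finding]:
    """Return one Finding per (rule, line) that matches; a line may hit several rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = _section(line)
        if section in BROWSER_PREFIXES:
            # Rule 1: a homepage/search/keyword URL whose host is a known redirector
            if any(_suspect_host(u) for u in URL_RE.findall(line)):
                findings.append(Finding("redirect", line))
            # Rule 2: a toolbar/BHO/plugin registration whose DLL is gone (leftover key)
            if line.endswith("File not found"):
                findings.append(Finding("orphan", line))
        # Rule 3: an extension directory stamped on or after the day the hijack appeared
        m = STAMP_RE.search(line)
        if m and "\\extensions\\" in line.lower():
            stamped = date(*map(int, m.groups()))
            if stamped >= incident:
                findings.append(Finding("recent", line))
        # Rule 4: anything naming a product tied to the hijack, wherever it appears
        if any(name in line.lower() for name in SUSPECT_NAMES):
            findings.append(Finding("suspect_name", line))
    return findings


def summarize(log_text: str, incident: date) -> dict[str, int]:
    """Count findings per rule, for a quick triage overview."""
    counts: dict[str, int] = {}
    for f in scan(log_text, incident):
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: lines copied from or modelled on the OTL log in this thread.
# The mywebsearch URL path is made up; the real one is truncated in the post.
SAMPLE_LOG = r"""
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/?searchfor="
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
CHR - homepage: http://www.bing.com/
[2013/01/20 08:32:14 | 000,000,000 | ---D | M] (RadioRage) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\4jffxtbr@RadioRage_4j.com
[2012/10/03 17:35:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG, INCIDENT_DATE):
        print(f"{f.kind:13} {f.line}")
```

Run as a script it prints one line per hit. The recent-extension rule is the one that ties the RadioRage extension directory to the day the problem started, which is the kind of correlation a helper uses to decide which entries go into an OTL fix; the orphan rule catches registry keys that still point at DLLs an earlier cleanup already deleted, which should be removed so the browser stops trying to load them.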
     
  14. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi -
    Here is part two of two of the January 23, 2013 OTL.exe run of QuickScan.
    ========== Chrome ==========

    CHR - homepage: http://www.bing.com/
    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR - homepage: http://www.bing.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2011/11/20 03:01:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [SkyDrive] C:\Users\Doug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2AD852-4733-446D-8134-5F28B4CD57F2}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2AD852-4733-446D-8134-5F28B4CD57F2}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B33D97-8497-4BC3-876D-4BBD2E8E8788}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B33D97-8497-4BC3-876D-4BBD2E8E8788}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/19 00:34:56 | 000,000,032 | ---- | M] () - J:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/21 21:52:20 | 000,000,000 | ---D | C] -- C:\Users\Doug\Desktop\RK_Quarantine
    [2013/01/21 14:31:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/21 14:12:00 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/01/21 14:11:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/21 14:11:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2013/01/20 11:45:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/20 11:44:53 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/20 08:32:21 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\RadioRage_4j
    [2013/01/20 08:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadioRage_4j
    [2013/01/18 23:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/14 18:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/14 18:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/07 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/12/28 07:39:27 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Programs
    [2012/12/24 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2012/12/24 14:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/24 14:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/12/24 14:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/12/24 14:16:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/12/24 14:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    ========== Files - Modified Within 30 Days ==========

    [2013/01/23 12:47:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/23 12:47:07 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/23 12:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/23 12:43:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/23 12:43:39 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/01/23 12:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/23 12:38:47 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/23 12:38:46 | 710,570,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/23 12:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/23 12:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4032159327-3157157313-2726375902-1000UA.job
    [2013/01/22 21:49:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDoug.job
    [2013/01/22 17:02:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4032159327-3157157313-2726375902-1000Core.job
    [2013/01/21 14:12:00 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
    [2013/01/19 20:35:37 | 000,002,082 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/10 03:29:12 | 000,372,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/07 14:02:22 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    ========== Files Created - No Company Name ==========

    [2013/01/23 12:38:46 | 710,570,336 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/01/21 14:12:00 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
    [2013/01/07 14:02:39 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2012/06/20 15:26:04 | 000,060,304 | ---- | C] () -- C:\Users\Doug\g2mdlhlpx.exe
    [2012/04/03 22:08:14 | 000,000,025 | ---- | C] () -- C:\Users\Doug\dougscan.bat
    [2012/03/11 12:29:10 | 000,001,459 | ---- | C] () -- C:\Users\Doug\gsview64.ini
    [2012/01/01 21:48:43 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/01/01 21:48:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/11/20 02:54:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/20 02:54:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/20 02:54:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/20 02:54:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/20 02:54:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/19 19:22:59 | 000,000,000 | ---- | C] () -- C:\Users\Doug\AppData\Local\{1F27879C-3BF5-4336-BA6A-00D39B8B3F6B}
    [2011/11/17 10:58:42 | 000,164,104 | ---- | C] () -- C:\Users\Doug\AppData\Local\census.cache
    [2011/11/17 10:58:39 | 000,114,525 | ---- | C] () -- C:\Users\Doug\AppData\Local\ars.cache
    [2011/11/17 10:54:37 | 000,000,036 | ---- | C] () -- C:\Users\Doug\AppData\Local\housecall.guid.cache
    [2011/10/26 17:14:44 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319667278.bdinstall.bin
    [2011/10/26 17:12:57 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319667172.bdinstall.bin
    [2011/10/26 17:05:46 | 000,007,606 | ---- | C] () -- C:\Users\Doug\AppData\Local\Resmon.ResmonCfg
    [2011/10/26 16:39:39 | 000,148,729 | ---- | C] () -- C:\ProgramData\1319665086.bdinstall.bin
    [2011/10/26 16:38:06 | 000,023,975 | ---- | C] () -- C:\ProgramData\1319665085.bdinstall.bin
    [2011/10/26 10:11:30 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319641883.bdinstall.bin
    [2011/10/25 22:15:21 | 000,204,091 | ---- | C] () -- C:\ProgramData\1319598661.bdinstall.bin
    [2011/10/25 22:02:56 | 000,166,240 | ---- | C] () -- C:\ProgramData\1319598111.bdinstall.bin
    [2011/10/25 21:58:07 | 000,094,087 | ---- | C] () -- C:\ProgramData\1319597729.bdinstall.bin
    [2011/10/25 21:30:35 | 000,214,848 | ---- | C] () -- C:\ProgramData\1319595922.bdinstall.bin
    [2011/10/25 21:18:41 | 000,095,205 | ---- | C] () -- C:\ProgramData\1319595405.bdinstall.bin
    [2011/10/22 18:51:50 | 000,190,222 | ---- | C] () -- C:\ProgramData\1319327154.bdinstall.bin
    [2011/06/08 11:29:06 | 000,704,793 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/06/08 11:29:06 | 000,003,668 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/06/09 18:16:03 | 000,835,732 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\DouglasWRoberts.zip
    [2010/02/25 23:14:26 | 000,000,025 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\bdfvconp.ini
    [2009/10/23 06:31:04 | 000,000,272 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\wklnhst.dat
    [2009/10/22 13:59:54 | 001,835,008 | ---- | C] () -- C:\Users\Doug\NTUSER.bak

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/10/26 17:38:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitDefender
    [2013/01/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitTorrent
    [2011/03/30 11:22:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FileOpen
    [2010/07/12 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Foxit Software
    [2009/12/22 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\IObit
    [2009/10/22 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\OEC
    [2011/11/13 01:45:08 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Opera
    [2012/11/10 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PC Health Doc PDF Reader
    [2012/10/22 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PeaZip
    [2009/10/22 15:07:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PictureMover
    [2011/10/25 09:13:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QuickScan
    [2010/08/06 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Registry Mechanic
    [2011/01/12 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Stellarium
    [2009/10/23 06:31:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Template
    [2010/11/13 11:50:26 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WildTangent
    [2009/11/13 15:09:54 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WinBatch
    [2011/01/29 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

    Try the fix again please. It's important for it to work. It didn't delete anything earlier.
     
  16. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi DragonMaster Jay -
    Here's the Fix log of OTL. I'll post the new QuickScan in a separate reply.

    It's not that long. It looks like my problem may be gone (with mywebsearch.com hijacking my homepage).

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEC019A3-2714-47A9-8D78-0B71F2C46863}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEC019A3-2714-47A9-8D78-0B71F2C46863}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEC019A3-2714-47A9-8D78-0B71F2C46863}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEC019A3-2714-47A9-8D78-0B71F2C46863}\ not found.
    Prefs.js: "http://search.mywebsearch.com/myweb...008&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor=" removed from keyword.URL
    Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
    Prefs.js: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.8.1.0 removed from extensions.enabledItems
    C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\4jffxtbr@RadioRage_4j.com\META-INF folder moved successfully.
    C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\4jffxtbr@RadioRage_4j.com\chrome folder moved successfully.
    C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\4jffxtbr@RadioRage_4j.com folder moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{78ba36c9-6036-482b-b48d-ecca6f964b84} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78ba36c9-6036-482b-b48d-ecca6f964b84}\ deleted successfully.
    C:\Users\Doug\AppData\Local\RadioRage_4j folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\Settings folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\Message folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\IE9Mesg folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\gen1 folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\1.bin\ThirdPartyInstallers folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\1.bin\chrome folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar\1.bin folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j\bar folder moved successfully.
    C:\Program Files (x86)\RadioRage_4j folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013\cmd.bat deleted successfully.
    C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Doug
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3516264 bytes
    ->Java cache emptied: 896913 bytes
    ->FireFox cache emptied: 49961909 bytes
    ->Google Chrome cache emptied: 7417298 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18991 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 59.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01232013_205554

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  17. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi -
    Newest QuickScan:
    OTL logfile created on: 1/23/2013 9:23:57 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.44 Gb Available Physical Memory | 80.79% Memory free
    15.93 Gb Paging File | 14.29 Gb Available in Paging File | 89.67% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 686.69 Gb Total Space | 481.95 Gb Free Space | 70.18% Space Free | Partition Type: NTFS
    Drive D: | 11.84 Gb Total Space | 2.13 Gb Free Space | 17.96% Space Free | Partition Type: NTFS
    Drive J: | 298.01 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: FAT32

    Computer Name: HPQUAD | User Name: Doug | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/22 21:07:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013\OTL.exe
    PRC - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/11/15 21:47:26 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Doug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/14 19:22:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/23 21:20:24 | 001,024,616 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\windows._cacheinvalidation.pyd
    MOD - [2013/01/23 21:20:24 | 000,792,576 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._gdi_.pyd
    MOD - [2013/01/23 21:20:24 | 000,731,136 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._misc_.pyd
    MOD - [2013/01/23 21:20:24 | 000,571,392 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\pysqlite2._sqlite.pyd
    MOD - [2013/01/23 21:20:24 | 000,354,304 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\pythoncom26.dll
    MOD - [2013/01/23 21:20:24 | 000,263,168 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32com.shell.shell.pyd
    MOD - [2013/01/23 21:20:24 | 000,153,088 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\pyexpat.pyd
    MOD - [2013/01/23 21:20:24 | 000,110,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32security.pyd
    MOD - [2013/01/23 21:20:24 | 000,110,592 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\PyWinTypes26.dll
    MOD - [2013/01/23 21:20:24 | 000,096,256 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32api.pyd
    MOD - [2013/01/23 21:20:24 | 000,086,016 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\_elementtree.pyd
    MOD - [2013/01/23 21:20:24 | 000,073,728 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\_ctypes.pyd
    MOD - [2013/01/23 21:20:24 | 000,070,656 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._html2.pyd
    MOD - [2013/01/23 21:20:24 | 000,040,448 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\_socket.pyd
    MOD - [2013/01/23 21:20:24 | 000,023,040 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32ts.pyd
    MOD - [2013/01/23 21:20:24 | 000,017,920 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32profile.pyd
    MOD - [2013/01/23 21:20:24 | 000,011,776 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32crypt.pyd
    MOD - [2013/01/23 21:20:23 | 001,169,408 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._core_.pyd
    MOD - [2013/01/23 21:20:23 | 001,056,256 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._controls_.pyd
    MOD - [2013/01/23 21:20:23 | 000,807,424 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._windows_.pyd
    MOD - [2013/01/23 21:20:23 | 000,645,120 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\_ssl.pyd
    MOD - [2013/01/23 21:20:23 | 000,585,728 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\unicodedata.pyd
    MOD - [2013/01/23 21:20:23 | 000,311,808 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\_hashlib.pyd
    MOD - [2013/01/23 21:20:23 | 000,121,856 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\wx._wizard.pyd
    MOD - [2013/01/23 21:20:23 | 000,111,104 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32file.pyd
    MOD - [2013/01/23 21:20:23 | 000,039,424 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32inet.pyd
    MOD - [2013/01/23 21:20:23 | 000,036,352 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32process.pyd
    MOD - [2013/01/23 21:20:23 | 000,022,528 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32pdh.pyd
    MOD - [2013/01/23 21:20:23 | 000,017,920 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\win32event.pyd
    MOD - [2013/01/23 21:20:22 | 000,011,776 | ---- | M] () -- C:\Users\Doug\AppData\Local\Temp\_MEI36882\select.pyd
    MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV:64bit: - [2012/11/07 18:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
    SRV - [2013/01/18 23:38:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 18:47:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/01/07 14:02:22 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
    SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/03/05 13:16:38 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/03/09 17:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/07 14:02:22 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/28 01:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/01 14:29:14 | 000,078,928 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
    DRV:64bit: - [2011/07/15 15:12:44 | 000,258,224 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/08/20 15:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/12/29 21:48:33 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3ED1A161-7CD4-445F-B9A8-B8A40A008C45}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3ED1A161-7CD4-445F-B9A8-B8A40A008C45}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE D2 46 C8 E3 53 CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {6EAE3D8E-5EF4-4BD4-87EC-9505FB7C6E66}
    IE - HKCU\..\SearchScopes\{6EAE3D8E-5EF4-4BD4-87EC-9505FB7C6E66}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
    FF - prefs.js..extensions.enabledAddons: del.icio.us%40askin.ws:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613
    FF - prefs.js..extensions.enabledAddons: %7Bd93e6838-8272-4382-a0fb-36a56db176c5%7D:1.5
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116
    FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.7
    FF - prefs.js..extensions.enabledItems:
    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.5.20111209014555
    FF - prefs.js..extensions.enabledItems:
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
    FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...008&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/11/24 11:02:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/12 10:31:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files (x86)\RadioRage_4j\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 23:38:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 23:38:21 | 000,000,000 | ---D | M]

    [2009/10/22 15:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
    [2013/01/23 13:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions
    [2011/07/12 22:36:21 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2012/10/14 11:09:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/01/23 13:02:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/09/19 16:44:19 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\amznUWL2@amazon.com.xpi
    [2012/10/14 13:22:59 | 000,014,052 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\del.icio.us@askin.ws.xpi
    [2012/10/14 13:22:59 | 000,038,787 | ---- | M] () (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\extensions\{d93e6838-8272-4382-a0fb-36a56db176c5}.xpi
    [2009/10/23 08:47:06 | 000,002,171 | ---- | M] () -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\7q0hgche.default\searchplugins\bing.xml
    [2013/01/18 23:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/18 23:38:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/18 23:38:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/11/12 10:31:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2013/01/18 23:38:25 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/06/22 21:23:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/01/04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.bing.com/
    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR - homepage: http://www.bing.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2011/11/20 03:01:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [SkyDrive] C:\Users\Doug\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2AD852-4733-446D-8134-5F28B4CD57F2}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2AD852-4733-446D-8134-5F28B4CD57F2}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B33D97-8497-4BC3-876D-4BBD2E8E8788}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B33D97-8497-4BC3-876D-4BBD2E8E8788}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/19 00:34:56 | 000,000,032 | ---- | M] () - J:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/21 21:52:20 | 000,000,000 | ---D | C] -- C:\Users\Doug\Desktop\RK_Quarantine
    [2013/01/21 14:31:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/21 14:12:00 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/01/21 14:11:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/21 14:11:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2013/01/20 11:45:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/20 11:44:53 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/18 23:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/14 18:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/14 18:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/07 19:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/12/28 07:39:27 | 000,000,000 | ---D | C] -- C:\Users\Doug\AppData\Local\Programs

    ========== Files - Modified Within 30 Days ==========

    [2013/01/23 21:27:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/23 21:05:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/23 21:05:30 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/23 21:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4032159327-3157157313-2726375902-1000UA.job
    [2013/01/23 20:57:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/23 20:57:30 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2013/01/23 20:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/23 20:57:07 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/23 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/23 17:02:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4032159327-3157157313-2726375902-1000Core.job
    [2013/01/23 12:38:46 | 710,570,336 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/22 21:49:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDoug.job
    [2013/01/21 14:12:00 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
    [2013/01/19 20:35:37 | 000,002,082 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/10 03:29:12 | 000,372,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/07 14:02:22 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    ========== Files Created - No Company Name ==========

    [2013/01/23 12:38:46 | 710,570,336 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/01/21 14:12:00 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
    [2013/01/07 14:02:39 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2012/06/20 15:26:04 | 000,060,304 | ---- | C] () -- C:\Users\Doug\g2mdlhlpx.exe
    [2012/04/03 22:08:14 | 000,000,025 | ---- | C] () -- C:\Users\Doug\dougscan.bat
    [2012/03/11 12:29:10 | 000,001,459 | ---- | C] () -- C:\Users\Doug\gsview64.ini
    [2012/01/01 21:48:43 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/01/01 21:48:43 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/11/20 02:54:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/20 02:54:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/20 02:54:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/20 02:54:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/20 02:54:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/19 19:22:59 | 000,000,000 | ---- | C] () -- C:\Users\Doug\AppData\Local\{1F27879C-3BF5-4336-BA6A-00D39B8B3F6B}
    [2011/11/17 10:58:42 | 000,164,104 | ---- | C] () -- C:\Users\Doug\AppData\Local\census.cache
    [2011/11/17 10:58:39 | 000,114,525 | ---- | C] () -- C:\Users\Doug\AppData\Local\ars.cache
    [2011/11/17 10:54:37 | 000,000,036 | ---- | C] () -- C:\Users\Doug\AppData\Local\housecall.guid.cache
    [2011/10/26 17:14:44 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319667278.bdinstall.bin
    [2011/10/26 17:12:57 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319667172.bdinstall.bin
    [2011/10/26 17:05:46 | 000,007,606 | ---- | C] () -- C:\Users\Doug\AppData\Local\Resmon.ResmonCfg
    [2011/10/26 16:39:39 | 000,148,729 | ---- | C] () -- C:\ProgramData\1319665086.bdinstall.bin
    [2011/10/26 16:38:06 | 000,023,975 | ---- | C] () -- C:\ProgramData\1319665085.bdinstall.bin
    [2011/10/26 10:11:30 | 000,027,689 | ---- | C] () -- C:\ProgramData\1319641883.bdinstall.bin
    [2011/10/25 22:15:21 | 000,204,091 | ---- | C] () -- C:\ProgramData\1319598661.bdinstall.bin
    [2011/10/25 22:02:56 | 000,166,240 | ---- | C] () -- C:\ProgramData\1319598111.bdinstall.bin
    [2011/10/25 21:58:07 | 000,094,087 | ---- | C] () -- C:\ProgramData\1319597729.bdinstall.bin
    [2011/10/25 21:30:35 | 000,214,848 | ---- | C] () -- C:\ProgramData\1319595922.bdinstall.bin
    [2011/10/25 21:18:41 | 000,095,205 | ---- | C] () -- C:\ProgramData\1319595405.bdinstall.bin
    [2011/10/22 18:51:50 | 000,190,222 | ---- | C] () -- C:\ProgramData\1319327154.bdinstall.bin
    [2011/06/08 11:29:06 | 000,704,793 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/06/08 11:29:06 | 000,003,668 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/06/09 18:16:03 | 000,835,732 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\DouglasWRoberts.zip
    [2010/02/25 23:14:26 | 000,000,025 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\bdfvconp.ini
    [2009/10/23 06:31:04 | 000,000,272 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\wklnhst.dat
    [2009/10/22 13:59:54 | 001,835,008 | ---- | C] () -- C:\Users\Doug\NTUSER.bak

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/10/26 17:38:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitDefender
    [2013/01/14 18:22:49 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\BitTorrent
    [2011/03/30 11:22:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FileOpen
    [2010/07/12 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Foxit Software
    [2009/12/22 13:13:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\IObit
    [2009/10/22 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\OEC
    [2011/11/13 01:45:08 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Opera
    [2012/11/10 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PC Health Doc PDF Reader
    [2012/10/22 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PeaZip
    [2009/10/22 15:07:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PictureMover
    [2011/10/25 09:13:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QuickScan
    [2010/08/06 18:50:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Registry Mechanic
    [2011/01/12 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Stellarium
    [2009/10/23 06:31:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Template
    [2010/11/13 11:50:26 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WildTangent
    [2009/11/13 15:09:54 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\WinBatch
    [2011/01/29 14:56:49 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
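The restore-point steps above are a Control Panel procedure; the same thing can be scripted. The following is an added example, not something posted in this thread, and it assumes an elevated Windows PowerShell prompt (these cmdlets are part of Windows PowerShell, not PowerShell 7). It creates a restore point named 'Clean' and then lists the points that now exist, so you can see which older ones the cleanup step will remove.

```powershell
# Added example (not from the thread): scripted equivalent of the Control Panel
# steps for creating a restore point. Run from an elevated Windows PowerShell.
function New-CleanRestorePoint {
    param([string]$Description = 'Clean')

    # MODIFY_SETTINGS is one of the documented restore point types
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'

    # Show every restore point, oldest first; the new one should be last.
    # CreationTime is a WMI datetime string, so convert it for readability.
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ n = 'Created'; e = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
}

New-CleanRestorePoint
```

On Windows 7 this creates the point immediately. On Windows 8 and later, Checkpoint-Computer skips creation without error if another restore point was made within the previous 24 hours, so check the listing rather than assuming the call succeeded.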
     
  19. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi DragonMaster Jay -
    I am working through your last post.

    Here's the OTL Run Fix output text:
    All processes killed
    ========== OTL ==========
    Prefs.js: "http://search.mywebsearch.com/myweb...008&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor=" removed from keyword.URL
    ========== FILES ==========
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\support\gen_py folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\support folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\mime folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\images\overlays folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\images folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh_TW\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh_TW folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh_HK\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh_HK folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh_CN\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh_CN folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh-Hant\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh-Hant folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh-Hans\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh-Hans folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\zh folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\vi\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\vi folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\uk\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\uk folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\tr\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\tr folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\th\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\th folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\te\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\te folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ta\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ta folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sv\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sv folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sr\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sr folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sl\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sl folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sk\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\sk folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ru\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ru folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ro\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ro folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pt_PT\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pt_PT folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pt_BR\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pt_BR folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pt\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pt folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pl\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\pl folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\no\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\no folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\nl\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\nl folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\mr\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\mr folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ml\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ml folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\lv\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\lv folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\lt\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\lt folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ko\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ko folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\kn\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\kn folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ja\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\ja folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\it\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\it folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\id\LC_MESSAGES folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale\id folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n\locale folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources\i18n folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882\resources folder moved successfully.
    C:\Users\Doug\AppData\Local\Temp\_MEI36882 folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013\cmd.bat deleted successfully.
    C:\Users\Doug\Downloads\Homepage Hijack 20Jan2013\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Doug
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 6213329 bytes
    ->Java cache emptied: 896913 bytes
    ->FireFox cache emptied: 73985895 bytes
    ->Google Chrome cache emptied: 15501865 bytes
    ->Opera cache emptied: 308179 bytes
    ->Flash cache emptied: 1445 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16208 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 92.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01242013_125503

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  20. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi DragonMaster Jay -
    I understand what a system restore point is. Of what practical use to me is a Windows 7 system restore point?

    Here's the output of checkup:
    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Secunia PSI (2.0.0.4003)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 37
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader XI
    Mozilla Firefox (18.0.1)
    Google Chrome 24.0.1312.52
    Google Chrome 24.0.1312.56
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I would say that it is useful for you to be able to Restore back in case of infection in the future. At least you'll have a clean point to go back to. :)

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
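The advice above depends on finding every Java runtime that is still registered, including 32-bit builds that a 64-bit machine records under a separate registry branch. The following is an added example, not code from this thread or from Oracle, that lists Java entries from both uninstall keys and flags every version older than the newest one installed. It assumes PowerShell 3.0 or later and a 64-bit Windows, where 32-bit packages register under WOW6432Node; the name filter is a heuristic and also matches entries such as the Java Auto Updater.

```powershell
# Added example (not from the thread): enumerate installed Java runtimes from the
# native and 32-bit (WOW6432Node) uninstall keys and flag leftover old versions.
function ConvertTo-VersionOrZero {
    param([string]$Text)
    $v = $null
    # Java entries use DisplayVersion strings such as '7.0.110' or '6.0.370'
    if ([version]::TryParse($Text, [ref]$v)) { return $v }
    return [version]'0.0'
}

function Get-InstalledJava {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
        ForEach-Object {
            # on 64-bit Windows, 32-bit packages register under WOW6432Node
            $bitness = if ($_.PSPath -match 'WOW6432Node') { '32-bit' } else { '64-bit' }
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = ConvertTo-VersionOrZero $_.DisplayVersion
                Bitness   = $bitness
                Uninstall = $_.UninstallString   # command Programs and Features would run
            }
        }
}

function Find-StaleJava {
    $all = @(Get-InstalledJava)
    if ($all.Count -eq 0) { return }
    $newest = ($all | Sort-Object Version -Descending | Select-Object -First 1).Version
    foreach ($j in $all) {
        # anything below the newest version is a leftover that still exposes the old plugin
        $j | Add-Member -MemberType NoteProperty -Name Stale -Value ($j.Version -lt $newest) -PassThru
    }
}

Find-StaleJava | Format-Table Name, Version, Bitness, Stale -AutoSize
```

Entries marked Stale are the ones to remove through Programs and Features before installing the new version; the script only reports and does not uninstall anything.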
     
  22. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi -
    Doesn't my computer need Java for the internet? If so, how do I remove all the Java versions before installing?

    In Programs and Features, they're listed alphabetically and the only Javas under the letter 'j' are:
    Java 7 Update 11 (64-bit) from Oracle
    Java(TM) 6 Update 37 from Oracle

    So I should uninstall these both and they're all that there is, right?

    In Control Panel | Programs there's also a Java panel. Do I do anything with that?



     
  23. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi -
    When I was on the Java.com site, they tell me I may be using a 32-bit browser. I mostly use Firefox. How can I figure that one out? I assume that I'd always prefer 64-bit apps to 32-bit apps.

    Doug
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yes, remove old Java versions. You don't technically need Java unless you use a gaming or app site that requires it. However, if you do install any version, go for the 32-bit version, yes, for Firefox...AND the 64-bit version for Internet Explorer.
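Whether a browser needs the 32-bit or 64-bit Java plugin is decided by the browser executable itself, and that can be read directly from the file rather than guessed from the install folder. The following is an added example, not code from this thread, that reads the Machine field of an executable's PE header (0x014C for 32-bit x86, 0x8664 for x64, values from the PE specification) and applies it to the usual Firefox and Internet Explorer locations. The candidate paths are assumptions about a default install on 64-bit Windows.

```powershell
# Added example (not from the thread): report whether an executable is a 32-bit
# or 64-bit build by reading the Machine field of its PE header.
function Get-ImageBitness {
    param([Parameter(Mandatory = $true)][string]$Path)
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        # DOS header: starts with 'MZ'; e_lfanew at offset 0x3C points at 'PE\0\0'
        $header = New-Object byte[] 0x40
        if ($fs.Read($header, 0, 0x40) -ne 0x40 -or $header[0] -ne 0x4D -or $header[1] -ne 0x5A) {
            throw "Not a PE image (missing MZ header): $Path"
        }
        $peOffset = [BitConverter]::ToInt32($header, 0x3C)
        $fs.Position = $peOffset
        # 4-byte signature followed by the 2-byte Machine field of the COFF header
        $coff = New-Object byte[] 6
        if ($fs.Read($coff, 0, 6) -ne 6 -or [BitConverter]::ToUInt32($coff, 0) -ne 0x00004550) {
            throw "Not a PE image (missing PE signature): $Path"
        }
        $machine = [BitConverter]::ToUInt16($coff, 4)
    } finally {
        $fs.Dispose()
    }
    switch ($machine) {
        0x014C  { return '32-bit (x86)' }
        0x8664  { return '64-bit (x64)' }
        default { return ('unknown machine type 0x{0:X4}' -f $machine) }
    }
}

# Default install locations (assumed); 32-bit builds live under Program Files (x86)
$candidates = @(
    "$env:ProgramFiles\Mozilla Firefox\firefox.exe",
    "${env:ProgramFiles(x86)}\Mozilla Firefox\firefox.exe",
    "$env:ProgramFiles\Internet Explorer\iexplore.exe",
    "${env:ProgramFiles(x86)}\Internet Explorer\iexplore.exe"
)
foreach ($exe in $candidates) {
    if (Test-Path -LiteralPath $exe) { '{0} -> {1}' -f $exe, (Get-ImageBitness $exe) }
}

# Or inspect whichever browser processes are running right now
Get-Process -Name firefox, iexplore -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { '{0} -> {1}' -f $_, (Get-ImageBitness $_) }
```

A 32-bit browser can only load the 32-bit Java plugin and a 64-bit browser only the 64-bit one, which is why the reply above pairs the 32-bit Java with Firefox and the 64-bit Java with the 64-bit Internet Explorer.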
     
  25. Doug8765

    Doug8765 TS Enthusiast Topic Starter Posts: 167

    Hi -
    That reply confuses me. Please confirm:
    32-bit Java
    32-bit Firefox
    64-bit Internet Explorer

    Thank you.

    Doug
     
Topic Status:
Not open for further replies.

