[pa.pete]

godawgs,
Sorry about that I thought I clicked the remove button. It only found 2 this time I remember there were alot more last time so hopefully that is a good thing.
Thanks,
Pete

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Radwick :: RADWICK-PC [administrator]

2/12/2012 11:10:36 AM
mbam-log-2012-02-12 (11-10-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365352
Time elapsed: 1 hour(s), 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Radwick\AppData\Local\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Radwick\AppData\Local\Temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

[Advertisements]

Hi pa.pete,

Lets run one more OTL fix and re-run RogueKiller and see it that will take care of the FireFox proxy entries.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:OTL
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49576
FF - prefs.js..network.proxy.type: 1
[2012/02/04 11:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro AntiVirus plus AntiSpyware

:FILES
C:\Users\Radwick\AppData\Local\dplayx.dll|c:\Windows\SysWOW64\dplayx.dll /replace

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run RogueKiller

• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ProxyFix<---Very Important
• The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

OTL Scan

• Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• check the Scan All Users box.
• Make sure the None button is checked in the Extra Registry section <---Very Important
• Check the boxes beside LOP Check and Purity Check.
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt on the desktop. This file is also saved in the same location as OTL.
• Please copy the contents of the OTL.txt file and paste it into your reply. To do that:
• On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Step-4.

Things I need in your next reply:
1. The OTL fixes log
2. All RKreport.txt files
3. The new OTL.txt log

[godawgs]

Hi pa.pete,

Lets run one more OTL fix and re-run RogueKiller and see it that will take care of the FireFox proxy entries.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:OTL
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49576
FF - prefs.js..network.proxy.type: 1
[2012/02/04 11:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro AntiVirus plus AntiSpyware

:FILES
C:\Users\Radwick\AppData\Local\dplayx.dll|c:\Windows\SysWOW64\dplayx.dll /replace

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run RogueKiller

• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ProxyFix<---Very Important
• The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

OTL Scan

• Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• check the Scan All Users box.
• Make sure the None button is checked in the Extra Registry section <---Very Important
• Check the boxes beside LOP Check and Purity Check.
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt on the desktop. This file is also saved in the same location as OTL.
• Please copy the contents of the OTL.txt file and paste it into your reply. To do that:
• On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Step-4.

Things I need in your next reply:
1. The OTL fixes log
2. All RKreport.txt files
3. The new OTL.txt log

[pa.pete]

Hi godawgs,
Here are the logs.
Pete

All processes killed
========== OTL ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro AntiVirus plus AntiSpyware folder moved successfully.
========== FILES ==========
File C:\Users\Radwick\AppData\Local\dplayx.dll successfully replaced with c:\Windows\SysWOW64\dplayx.dll
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Radwick
->Temp folder emptied: 2029247 bytes
->Temporary Internet Files folder emptied: 164660958 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 18933 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1717118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 161.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_193556

Files\Folders moved on Reboot...
C:\Users\Radwick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Radwick [Admin rights]
Mode: Scan -- Date : 02/13/2012 20:42:19

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[PROXY FF] 0nmw1vio.default\ 127.0.0.1:49576 -> FOUND
[PROXY FF] 59p0at3j.default\ 127.0.0.1:49576 -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 SATA Disk Device +++++
--- User ---
[MBR] 722c9daf7c0ad978afadb63113465dd7
[BSP] 8982b1892320eaf26a77d25824456396 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Radwick [Admin rights]
Mode: Remove -- Date : 02/13/2012 20:43:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[PROXY FF] 0nmw1vio.default\ 127.0.0.1:49576 -> NOT REMOVED, USE PROXYFIX
[PROXY FF] 59p0at3j.default\ 127.0.0.1:49576 -> NOT REMOVED, USE PROXYFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 SATA Disk Device +++++
--- User ---
[MBR] 722c9daf7c0ad978afadb63113465dd7
[BSP] 8982b1892320eaf26a77d25824456396 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Radwick [Admin rights]
Mode: ProxyFix -- Date : 02/13/2012 20:43:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[PROXY FF] 0nmw1vio.default\ 127.0.0.1:49576 -> DELETED
[PROXY FF] 59p0at3j.default\ 127.0.0.1:49576 -> DELETED

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



OTL logfile created on: 2/13/2012 8:50:08 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Radwick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 67.30% Memory free
7.49 Gb Paging File | 5.77 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 285.14 Gb Free Space | 62.81% Space Free | Partition Type: NTFS

Computer Name: RADWICK-PC | User Name: Radwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/29 22:37:04 | 000,028,766 | ---- | M] (DailyBibleGuide) -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe
PRC - [2011/01/29 22:37:04 | 000,020,480 | ---- | M] (DailyBibleGuide) -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/26 06:05:46 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2010/11/26 06:05:46 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/09 19:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 18:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/09/03 14:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/26 06:05:46 | 000,251,336 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2010/11/26 06:05:46 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2010/11/26 06:05:46 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2010/11/26 06:05:46 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2010/11/18 15:55:44 | 000,079,224 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/10/08 21:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009/10/07 15:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009/09/23 21:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2008/07/03 13:18:48 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/13 10:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/29 22:37:04 | 000,028,766 | ---- | M] (DailyBibleGuide) [Auto | Running] -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe -- (DailyBibleGuideService)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/12/31 09:36:44 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2010/12/31 09:36:42 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/12/31 09:36:40 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/12/16 08:46:10 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 10:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://meadvilletribune.com/
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (DailyBibleGuide)
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49576

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll (DailyBibleGuide)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Radwick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Radwick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Radwick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Radwick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Radwick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin [2011/01/29 22:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\FireFox\ [2012/01/16 18:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/01 12:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/06 14:12:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles/0nmw1vio.default\extensions\[email protected] [2012/01/22 18:35:12 | 000,000,000 | ---D | M]

[2010/11/30 11:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Extensions
[2012/02/07 20:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles\0nmw1vio.default\extensions
[2012/01/22 18:35:12 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles\0nmw1vio.default\extensions\[email protected]
[2012/02/07 20:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles\59p0at3j.default\extensions
[2011/09/08 07:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/15 17:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/08 07:08:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/01/29 22:37:08 | 000,000,000 | ---D | M] (DailyBibleGuide) -- C:\PROGRAM FILES (X86)\DAILYBIBLEGUIDE\BAR\1.BIN
[2012/01/16 18:42:55 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES (X86)\PC TOOLS SECURITY\BDT\FIREFOX
File not found (No name found) -- C:\USERS\RADWICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NMW1VIO.DEFAULT\EXTENSIONS\[email protected]
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (DailyBibleGuide)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DailyBibleGuide Browser Plugin Loader] C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (DailyBibleGuide)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4103317124-915067586-60201695-1001..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A01CAC-5E03-44E0-B1BA-14357562B6C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE998D23-1334-4C02-91A6-1C73DC39E8DF}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 19:43:28 | 000,000,000 | R--D | C] -- C:\Users\Radwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/02/13 19:35:57 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\AppData\Local\dplayx.dll
[2012/02/11 21:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/02/11 18:54:02 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290
[2012/02/11 18:21:20 | 029,379,896 | ---- | C] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 18:11:43 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/02/11 10:42:57 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Roaming\Malwarebytes
[2012/02/11 10:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 10:39:24 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/07 20:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/06 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\GooredFix Backups
[2012/02/06 18:25:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:10:01 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/02/04 11:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/04 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2XL Games
[2012/02/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\RK_Quarantine
[2012/02/04 10:49:08 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\log
[2012/02/04 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\64bit
[2012/01/23 14:09:45 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/23 14:09:43 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/23 14:09:43 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/23 14:09:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/23 14:09:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/23 14:09:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/23 12:42:52 | 059,621,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\Documents\mpam-fex64.exe
[2012/01/22 23:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/01/22 19:20:38 | 067,632,312 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\Documents\msert.exe
[2012/01/16 18:43:05 | 000,074,824 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/01/16 18:43:05 | 000,065,072 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/01/16 18:43:05 | 000,041,888 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/01/16 18:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/01/16 18:26:16 | 001,182,680 | ---- | C] (PC Tools) -- C:\Windows\is-6SIPN.exe
[2012/01/16 11:05:46 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Local\Threat Expert
[2012/01/16 11:04:20 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0153.old
[2012/01/16 11:04:20 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0108.old
[2012/01/16 11:04:20 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/01/16 11:04:18 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0153.old
[2012/01/16 11:04:18 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0108.old
[2012/01/16 11:04:18 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/01/16 11:04:18 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/01/16 09:35:08 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/01/16 09:35:08 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/01/16 09:35:06 | 000,334,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/01/16 09:35:06 | 000,137,704 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/01/16 09:34:57 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/01/16 09:34:43 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/01/16 09:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/01/16 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Roaming\PC Tools
[2012/01/16 09:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/16 09:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/16 09:31:33 | 037,906,640 | ---- | C] (PC Tools ) -- C:\Users\Radwick\Documents\sdasetup.exe

========== Files - Modified Within 30 Days ==========

[2012/02/13 20:40:51 | 000,041,770 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/13 20:35:22 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001UA1cc6e22fe11df1c.job
[2012/02/13 20:35:22 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 20:35:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 19:49:49 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 19:49:49 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 19:42:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 19:40:35 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 19:28:16 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001Core1cc6e22fcbb18f4.job
[2012/02/13 10:47:10 | 000,055,296 | -H-- | M] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/12 12:39:27 | 000,000,117 | ---- | M] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:45 | 002,634,584 | ---- | M] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | M] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:46:07 | 003,586,568 | ---- | M] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:10 | 000,051,897 | ---- | M] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 18:21:20 | 029,379,896 | ---- | M] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 18:14:34 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/11 18:14:34 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/11 18:14:34 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/11 10:42:12 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 10:39:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/09 11:31:54 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/06 18:25:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:23:05 | 000,000,512 | ---- | M] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 12:10:01 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:46:15 | 001,201,664 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/23 16:00:41 | 000,002,032 | ---- | M] () -- C:\Users\Radwick\Desktop\IncrediMail.lnk
[2012/01/23 14:08:19 | 001,857,040 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/01/23 13:07:36 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/23 12:42:52 | 059,621,568 | ---- | M] (Microsoft Corporation) -- C:\Users\Radwick\Documents\mpam-fex64.exe
[2012/01/22 19:20:51 | 067,632,312 | ---- | M] (Microsoft Corporation) -- C:\Users\Radwick\Documents\msert.exe
[2012/01/22 18:36:11 | 000,002,034 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/01/22 12:46:34 | 000,000,150 | ---- | M] () -- C:\Users\Radwick\Desktop\rk-proxy.reg
[2012/01/22 12:43:03 | 000,000,297 | ---- | M] () -- C:\Users\Radwick\Desktop\iExplore.exe - Shortcut.lnk
[2012/01/22 12:37:21 | 000,000,644 | ---- | M] () -- C:\Users\Radwick\Desktop\rkill.scr - Shortcut.lnk
[2012/01/16 18:42:45 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/01/16 18:26:16 | 001,182,680 | ---- | M] (PC Tools) -- C:\Windows\is-6SIPN.exe
[2012/01/16 18:26:16 | 000,021,031 | ---- | M] () -- C:\Windows\is-6SIPN.msg
[2012/01/16 18:26:16 | 000,000,290 | ---- | M] () -- C:\Windows\is-6SIPN.lst
[2012/01/16 09:31:41 | 037,906,640 | ---- | M] (PC Tools ) -- C:\Users\Radwick\Documents\sdasetup.exe
[2012/01/15 16:36:41 | 000,000,036 | ---- | M] () -- C:\Users\Radwick\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2012/02/13 20:40:51 | 000,041,770 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | C] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:36 | 002,634,584 | ---- | C] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | C] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:45:57 | 003,586,568 | ---- | C] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:09 | 000,051,897 | ---- | C] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 10:42:12 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 12:23:05 | 000,000,512 | ---- | C] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 11:46:08 | 001,201,664 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/23 16:00:41 | 000,002,032 | ---- | C] () -- C:\Users\Radwick\Desktop\IncrediMail.lnk
[2012/01/23 13:07:36 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/22 18:36:11 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/22 12:46:34 | 000,000,150 | ---- | C] () -- C:\Users\Radwick\Desktop\rk-proxy.reg
[2012/01/22 12:43:03 | 000,000,297 | ---- | C] () -- C:\Users\Radwick\Desktop\iExplore.exe - Shortcut.lnk
[2012/01/22 12:37:21 | 000,000,644 | ---- | C] () -- C:\Users\Radwick\Desktop\rkill.scr - Shortcut.lnk
[2012/01/16 18:42:45 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/01/16 18:26:16 | 000,021,031 | ---- | C] () -- C:\Windows\is-6SIPN.msg
[2012/01/16 18:26:16 | 000,000,290 | ---- | C] () -- C:\Windows\is-6SIPN.lst
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0153.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0108.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/01/16 11:04:20 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2012/01/16 11:04:20 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/01/16 11:04:20 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/01/16 11:04:20 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/01/16 09:35:16 | 001,857,040 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/03/23 20:41:17 | 000,192,208 | ---- | C] () -- C:\Users\Radwick\AppData\Local\census.cache
[2011/03/23 20:41:09 | 000,093,307 | ---- | C] () -- C:\Users\Radwick\AppData\Local\ars.cache
[2011/01/31 22:06:13 | 000,000,036 | ---- | C] () -- C:\Users\Radwick\AppData\Local\housecall.guid.cache
[2010/12/27 11:10:57 | 000,000,040 | ---- | C] () -- C:\Windows\RSoftInfo.dat
[2010/08/03 16:30:25 | 000,002,415 | ---- | C] () -- C:\Windows\disney.ini
[2010/04/14 19:52:35 | 000,055,296 | -H-- | C] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 15:46:45 | 000,005,668 | ---- | C] () -- C:\Users\Radwick\AppData\Roaming\wklnhst.dat
[2010/01/26 18:43:45 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/01/26 18:26:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/01/26 18:26:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/01/26 18:03:22 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/01/26 18:02:45 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/29 15:56:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/10/29 15:56:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/10/29 15:56:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/10/29 15:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll

========== LOP Check ==========

[2010/12/15 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Elluminate
[2010/07/05 07:15:58 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Packard Bell
[2011/09/08 18:36:10 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\ptc
[2010/04/26 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Template
[2011/09/05 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\TP
[2010/04/14 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Western Digital
[2011/04/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Windows Live Writer
[2012/02/10 19:53:34 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

[godawgs]

Hi pa.pete,

We keep killing the Firefox network proxy settings and they keep coming back. It may be due to the Daily Bible Guide. Additional research shows that Daily Bible Guide is powered by MyWebSearch, a rogue spyware/adware program that RogueKiller removed but it did not detect Daily Bible Guide. If you want to keep it just be aware that it may be part of what caused your problems and we will try to remove the network proxy settings manually.

Question: The most recent OTL log shows new folders from Garvin and TTSVoiceEditor_V290 added to the system on 2/11/2012. Did you install anything like GPS software from Garvin with the TTSVoiceEditor? See this page.

If you want to keep the Daily Bible Guide for now lets work on removing the FF network proxy settings

Step-1.

Remove Proxy Settings and check Addons

1. Open Firefox, then click Tools > Options. Click Advanced. Click the Network tab. In the Connection section click the Settings button. The Manual proxy section will be filled out, don't change anything yet. Note the number in Port.
2. Without closing Firefox, Click the Start Orb, click Control Panel, click Network and Internet, click Internet Options and click the Connections tab.
3. If there are any connections listed in the Dial-up/VPN section at the top click on the first one to select it, then click the Settings button.
4. In the menu that opens, look to see if the proxy is 127.0.0.1 and the port is that same as the one you just noted. If so, un-check the Use proxy server checkbox. and click OK.
5. Repeat for any other Dial-up/VPN connections.
6. Still in the Connections tab of Internet Properties, Click on the LAN Settings button and remove the the trojan's proxy settings as per step 4.
7. Click OK buttons until you're back to Control Panel then close that window.
8. Go back to Firefox and select Use system proxy settings then click OK and close the Options dialogue.
9. Go to Tools > Addons > Extensions and disable all but the first one.
10. Close Firefox then wait a few seconds then open it again. Go to the network settings as in step 1. If it's still set to Use system ... then that's not the corrupt addon, enable the next addon in the list an repeat this step. If it's automatically changed back to Manual You've found the corrupt addon!
11. Go to the addon page again, remove the last enabled addon (not just disable), close and reopen Firefox as before.
12. Install that addon again if you want, Firefox downloads a fresh copy so it should be all good.
13. Enable the rest of your addons.

NOTE: If the offending addon is the Daily Bible Guide let me know.


Step-2.

Things I need in your next reply:
1. Answer to my question above.
2. Did you find an Addon with the same proxy and port setting as in the Manual Proxy section from Step 1?
3. How is the computer running and what issues are you experiencing with it now?

[pa.pete]

godawgs,

There are no dial-up/vpn listed. In the lan settings the box, use a proxy server is not checked, in the Fire Fox connection setting, use system proxy settings is already checked. I have no idea what the Daily Bible Guide is and as far as that goes I never use Fire Fox, should we just get rid of it all together?

I wasn't sure what to do exactly, sorry for my confusion.
Pete

[godawgs]

Hi pa.pete,

Since an Addon isn't changing the FF settings it has to be the DailyBibleGuide program.
You didn't tell me if you installed a program from Garvin and TSSVoiceEditor on the 11th of this month.
Also, did you install a program called Coupon Printer for Windows at any time?
Could you please check in the C:\Windows\Program Files (x86) folder for the folowing:
C:\Widows\Program Files (x86)\Daily Bible Guide
C:\Windows\Peogram Files (x86)\Coupon Printer (or any variation of Coupon Printer)
and let me know if they are present.

I will get wit my instructor about the Daily Bible entries and be back with as soon as I hear from him. In the mean time please answer the questions above.
thanks.

[pa.pete]

I did download the Tss voice editor and the gps program. I don't know about the coupon printer but my wife might, I will check with her. I will also try to check the windows program files as soon as I can but I will be in class all day tomorrow and I have a big test on Friday so I apologize if there is a delay.
Thanks,
Pete

[godawgs]

Hello pa.pete,

Thanks for the answer about the gps program. Going forward, please don't install any new programs unless it's something I ask for. If you have to install something please let me know so I won't freak when I see it in the logs. Since you didn't install the Bible Guide we need to remove it.
As for the Coupon Printer for Windows Program? I have listed it in the programs to uninstall in Step 2. If you installed it and use it Don't uninstall it. If you didn't install it then uninstall it.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot


1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:OTL
PRC - [2011/01/29 22:37:04 | 000,028,766 | ---- | M] (DailyBibleGuide) -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe
PRC - [2011/01/29 22:37:04 | 000,020,480 | ---- | M] (DailyBibleGuide) -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe
SRV - [2011/01/29 22:37:04 | 000,028,766 | ---- | M] (DailyBibleGuide) [Auto | Running] -- C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe -- (DailyBibleGuideService)
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (DailyBibleGuide)
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49576
FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll (DailyBibleGuide)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin [2011/01/29 22:37:08 | 000,000,000 | ---D | M]
[2011/01/29 22:37:08 | 000,000,000 | ---D | M] (DailyBibleGuide) -- C:\PROGRAM FILES (X86)\DAILYBIBLEGUIDE\BAR\1.BIN
File not found (No name found) -- C:\USERS\RADWICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0NMW1VIO.DEFAULT\EXTENSIONS\[email protected]
O2 - BHO: (Search Assistant BHO) - {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll (DailyBibleGuide)
O2 - BHO: (Toolbar BHO) - {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)
O3 - HKLM\..\Toolbar: (DailyBibleGuide) - {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll (DailyBibleGuide)
O4 - HKLM..\Run: [DailyBibleGuide Browser Plugin Loader] C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe (DailyBibleGuide)

:FILES
net start eventlog /c

:COMMANDS
[EMPTYTEMP}

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Malicious program uninstalls

Reboot into Safe Mode. To do that....

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode. Use the UP/DOWN arrows to highlight Safe Mode and press ENTER.

NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!

1. Please click the Start Orb. Click Control Panel
2. Under the Programs section click Uninstall a program
3. In the list of programs installed, locate the following program(s):

Coupon Printer for Windows
DailyBibleGuide
ShopAtHome.com Toolbar(If it shows up in the programs list)

3. Right click on each program to highlight it and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-3.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:

• Highlight everything inside the code box, right click the mouse and click Copy.

C:\Windows\Program Files\*. /s
C:\Windows\Program Files (x86)\*. /s 

2. Re-open OTL on the desktop. To do that:

• Double click on the OTL icon to run it. Make sure all other windows are closed.
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• Check the boxes beside LOP Check and Purity Check.
• Check the box beside Scan All Users
• In the Extra Registry section, click the button beside Use Safelist<---Very Important
• Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open OTL.Txt and Extras.txt on the desktop. These files are also saved in the same location as OTL (it should be on your desktop).
• Please copy the contents of these files and paste it into your reply. To do that:
• On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right click inside the forum post window then click Paste.This will paste the contents of the file in the in the post window.

Repeat the steps for the Extras.txt file.


Step-4.

Things I need in your next reply:
1. The OTL fixes log
2. The new OTL.txt log
3. The Extras.txt log
4. Please answer my question about the Garvin and TTSVoiceEditor programs.
5. Let me know whether or not you installed the Coupon Printer for Windows program.
6. Tell me about any other issues you are having with the computer.

[pa.pete]

godawgs,
Sorry about installing the voice editor and the garmin program I never even gave it a thought. When I went into safe mode and tried to uninstall Daily Bible guide a box popped up and said "there was a problem starting C:\program~2\DAILYB~2\bar\1.bin\2VBar.dll The specified module could not be found." The program would not uninstall.
My wife thinks she did install the Coupon printer some time ago but I uninstalled it anyway and didn't re-install it.
The computer does seem to be running better, I don't seem to be getting the "windows is not responding" error and it seems to be running faster.

========== OTL ==========
Process 2vbarsvc.exe killed successfully!
Process 2vbrmon.exe killed successfully!
Service DailyBibleGuideService stopped successfully!
Service DailyBibleGuideService deleted successfully!
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbarsvc.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4103317124-915067586-60201695-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f15ff29f-85a1-43cd-9674-e5ba40016c97} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f15ff29f-85a1-43cd-9674-e5ba40016c97}\ deleted successfully.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll moved successfully.
Prefs.js: [email protected]:5.2.0.0 removed from extensions.enabledItems
Prefs.js: [email protected]:1.1 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 49576 removed from network.proxy.http_port
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin\ deleted successfully.
C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin not found.
C:\PROGRAM FILES (X86)\DAILYBIBLEGUIDE\BAR\1.BIN\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\DAILYBIBLEGUIDE\BAR\1.BIN folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0631bff0-6846-48ca-982d-d62d7f376e97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0631bff0-6846-48ca-982d-d62d7f376e97}\ deleted successfully.
File C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a}\ deleted successfully.
File C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2a942ab7-2073-49bc-a7e1-77e93835889a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a942ab7-2073-49bc-a7e1-77e93835889a}\ deleted successfully.
File C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DailyBibleGuide Browser Plugin Loader deleted successfully.
File C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbrmon.exe not found.
========== FILES ==========
< net start eventlog /c >
The Windows Event Log service is starting.
C:\Users\Radwick\Desktop\cmd.bat deleted successfully.
C:\Users\Radwick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[EMPTYTEMP}> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 02172012_145608

OTL Extras logfile created on: 2/17/2012 3:36:32 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Radwick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 64.62% Memory free
7.49 Gb Paging File | 5.71 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 283.63 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

Computer Name: RADWICK-PC | User Name: Radwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A8DDE3ED-9B6A-F806-32AF-EC53A836A04F}" = ATI Catalyst Install Manager
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7CF178A-2F3D-0125-0D78-98EB53D92A52}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0695DD0E-0E07-061B-5317-1FCCEA3CA51F}" = CCC Help Czech
"{06A02948-CE93-82A0-7BD4-5FB9562136F7}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7169C2-4FC9-0454-6E6F-CDBA27D9C3CF}" = CCC Help Spanish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFA2D28-F77A-E27C-0659-F497926805AA}" = CCC Help Polish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37DA7059-EC42-8F87-2593-AB273A13CDE4}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CCFFF96-7841-44D4-91F2-4027E5C537F4}" = Zoo Tycoon 2 - Extinct Animals Demo
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{554B7217-1988-2E1E-8CAC-30CB8498DA8E}" = CCC Help Portuguese
"{55DD0FA2-22F0-4071-AC9B-32FE70BBE37D}" = PhotoMail Maker
"{5920C2D5-2969-9BAE-E5A7-947721CFF1F1}" = CCC Help English
"{5C8C6C22-5B84-E88C-C38C-9E66DB569600}" = CCC Help Thai
"{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}" = Everio MediaBrowser
"{6122170D-F78E-182F-1D70-9187108F0AB7}" = Catalyst Control Center Graphics Light
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79BF8F0E-A3A6-D677-F4AE-157BE4AB9E46}" = CCC Help Danish
"{7E9E6DC1-BE81-F3C8-2D61-F9AFADC7B2F8}" = CCC Help Chinese Standard
"{7EFE7605-8879-F08C-9EBD-F0B0EBEDE2AA}" = CCC Help French
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81CA0ED5-7522-01D4-2E20-018033B50087}" = CCC Help Korean
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7D2915-7EAB-43B0-9243-B3711462BF6E}" = Garmin VoiceStudio v2.30
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = Media Player Utilities 4.36
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91903291-1546-5B74-AC17-FDBBFD57D3F9}" = CCC Help Russian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974A6749-A030-9EC2-D200-7BD29CA886AC}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D77E042-7D73-0DDA-DAEF-95AD3247C63F}" = Catalyst Control Center Localization All
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA404934-A326-AC94-154A-73F65B2DBEFE}" = CCC Help Finnish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B04FC2D5-AE5C-1526-69B8-7121BD8CE3B1}" = CCC Help Swedish
"{B1C45394-E332-23F3-35EE-4086C5167C29}" = Catalyst Control Center Core Implementation
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6C21804-0E6C-D4E6-0CF1-4E7F96AAE930}" = CCC Help Turkish
"{BF59CB97-0475-8CDC-1DEB-F6565D3868FA}" = CCC Help Greek
"{C3A68A9A-2541-6171-3092-09C8AFAC4924}" = CCC Help Italian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C3DAFC-2F7A-E7A9-89D1-70E53F44D231}" = Catalyst Control Center InstallProxy
"{DCF9791F-07F7-3FE8-E639-22EAE582C244}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB7879B9-891A-2502-1CAC-4D328A7DA434}" = Catalyst Control Center Graphics Full Existing
"{EC3102A1-F7D5-F4D7-0BBE-E9A336852DD5}" = CCC Help Dutch
"{ECDFF117-272C-499E-BE97-AC1C6FE190CD}" = Brother Bear
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FA03EF4C-DE79-C463-6B50-AAC28A9A64FD}" = Catalyst Control Center Graphics Full New
"{FAAAA82D-E8FE-04C8-72D5-619A2632E1DF}" = CCC Help Chinese Traditional
"{FCB13E0B-09AD-7133-0B7E-52A157C6582E}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Best Buy Software Installer" = Best Buy Software Installer
"BFG-Zhu Zhu Pets" = Zhu Zhu Pets
"Browser Defender_is1" = Browser Defender 3.0
"Catz" = Catz (remove only)
"DailyBibleGuidebar Uninstall" = DailyBibleGuide
"Disneys Digital Coloring Book Featuring Pooh" = Disneys Digital Coloring Book Featuring Pooh
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"IncrediMail" = IncrediMail 2.0
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{4CCFFF96-7841-44D4-91F2-4027E5C537F4}" = Zoo Tycoon 2 - Extinct Animals Demo
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PhotoMail" = PhotoMail Maker
"Scholastic's Little Bill Thinks BIG" = Scholastic's Little Bill Thinks BIG
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"WinLiveSuite" = Windows Live Essentials
"Zoo Tycoon 2 ES Trial Version" = Zoo Tycoon 2 Endangered Species Trial
"Zoo Tycoon 2 Trial Version" = Zoo Tycoon 2 Trial Version

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4103317124-915067586-60201695-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


OTL logfile created on: 2/17/2012 3:36:32 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Radwick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 64.62% Memory free
7.49 Gb Paging File | 5.71 Gb Available in Paging File | 76.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 283.63 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

Computer Name: RADWICK-PC | User Name: Radwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
PRC - [2012/01/10 08:45:44 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/26 07:04:29 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/26 06:05:46 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2010/11/26 06:05:46 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/09 19:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 18:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/09/03 14:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/07 14:54:18 | 000,200,144 | ---- | M] () -- C:\Program Files (x86)\PC Tools Security\BDT\Utility.dll
MOD - [2010/11/26 06:05:46 | 000,251,336 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2010/11/26 06:05:46 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2010/11/26 06:05:46 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2010/11/26 06:05:46 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2010/11/18 15:55:44 | 000,079,224 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/10/08 21:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009/10/07 15:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009/09/23 21:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2008/07/03 13:18:48 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/13 10:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/12/31 09:36:44 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2010/12/31 09:36:42 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/12/31 09:36:40 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/12/16 08:46:10 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 10:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562


IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://meadvilletribune.com/
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49576

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Radwick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Radwick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Radwick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Radwick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Radwick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\FireFox\ [2012/01/16 18:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/01 12:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/06 14:12:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles/0nmw1vio.default\extensions\[email protected] [2012/01/22 18:35:12 | 000,000,000 | ---D | M]

[2010/11/30 11:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Extensions
[2012/02/15 15:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles\0nmw1vio.default\extensions
[2012/01/22 18:35:12 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles\0nmw1vio.default\extensions\[email protected]
[2012/02/07 20:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles\59p0at3j.default\extensions
[2011/09/08 07:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/15 17:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/08 07:08:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\DAILYBIBLEGUIDE\BAR\1.BIN
[2012/01/16 18:42:55 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES (X86)\PC TOOLS SECURITY\BDT\FIREFOX
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4103317124-915067586-60201695-1001..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A01CAC-5E03-44E0-B1BA-14357562B6C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE998D23-1334-4C02-91A6-1C73DC39E8DF}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 15:21:50 | 000,000,000 | R--D | C] -- C:\Users\Radwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/02/15 15:15:37 | 000,000,000 | ---D | C] -- C:\d37e51664a70a5aa217a0fe5
[2012/02/15 13:28:43 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 13:28:42 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 13:28:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 13:28:26 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 13:28:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 13:28:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 13:28:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 13:28:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/15 13:28:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/15 13:28:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 13:28:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 13:28:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/15 13:28:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/15 13:28:03 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/15 13:28:03 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/15 13:28:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 13:28:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 13:28:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/15 13:28:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/15 13:15:22 | 000,000,000 | ---D | C] -- C:\5e446f905e7c4252a90e8751bf1cb7
[2012/02/13 19:35:57 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\AppData\Local\dplayx.dll
[2012/02/11 21:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/02/11 18:54:02 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290
[2012/02/11 18:21:20 | 029,379,896 | ---- | C] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 18:11:43 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/02/11 10:42:57 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Roaming\Malwarebytes
[2012/02/11 10:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 10:39:24 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/07 20:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/06 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\GooredFix Backups
[2012/02/06 18:25:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:10:01 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/02/04 11:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/04 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2XL Games
[2012/02/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\RK_Quarantine
[2012/02/04 10:49:08 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\log
[2012/02/04 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\64bit
[2012/01/23 14:09:45 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/23 14:09:43 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/23 14:09:43 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/23 14:09:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/23 14:09:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/23 14:09:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/23 12:42:52 | 059,621,568 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\Documents\mpam-fex64.exe
[2012/01/22 19:20:38 | 067,632,312 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\Documents\msert.exe

========== Files - Modified Within 30 Days ==========

[2012/02/17 15:29:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001UA1cc6e22fe11df1c.job
[2012/02/17 15:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 15:28:23 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 15:28:23 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 15:21:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 15:19:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 15:19:20 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 12:48:47 | 000,056,320 | -H-- | M] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 12:29:29 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 18:10:17 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001Core1cc6e22fcbb18f4.job
[2012/02/16 08:04:35 | 000,423,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 17:48:10 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/15 17:48:10 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/15 17:48:10 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/15 13:27:53 | 001,883,828 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/13 20:40:51 | 000,041,770 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | M] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:45 | 002,634,584 | ---- | M] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | M] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:46:07 | 003,586,568 | ---- | M] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:10 | 000,051,897 | ---- | M] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 18:21:20 | 029,379,896 | ---- | M] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 10:42:12 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 10:39:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/06 18:25:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:23:05 | 000,000,512 | ---- | M] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 12:10:01 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:46:15 | 001,201,664 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/23 16:00:41 | 000,002,032 | ---- | M] () -- C:\Users\Radwick\Desktop\IncrediMail.lnk
[2012/01/23 13:07:36 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/23 12:42:52 | 059,621,568 | ---- | M] (Microsoft Corporation) -- C:\Users\Radwick\Documents\mpam-fex64.exe
[2012/01/22 19:20:51 | 067,632,312 | ---- | M] (Microsoft Corporation) -- C:\Users\Radwick\Documents\msert.exe
[2012/01/22 18:36:11 | 000,002,034 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/01/22 12:46:34 | 000,000,150 | ---- | M] () -- C:\Users\Radwick\Desktop\rk-proxy.reg
[2012/01/22 12:43:03 | 000,000,297 | ---- | M] () -- C:\Users\Radwick\Desktop\iExplore.exe - Shortcut.lnk
[2012/01/22 12:37:21 | 000,000,644 | ---- | M] () -- C:\Users\Radwick\Desktop\rkill.scr - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/02/13 20:40:51 | 000,041,770 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | C] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:36 | 002,634,584 | ---- | C] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | C] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:45:57 | 003,586,568 | ---- | C] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:09 | 000,051,897 | ---- | C] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 10:42:12 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 12:23:05 | 000,000,512 | ---- | C] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 11:46:08 | 001,201,664 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/23 16:00:41 | 000,002,032 | ---- | C] () -- C:\Users\Radwick\Desktop\IncrediMail.lnk
[2012/01/23 13:07:36 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/22 18:36:11 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/22 12:46:34 | 000,000,150 | ---- | C] () -- C:\Users\Radwick\Desktop\rk-proxy.reg
[2012/01/22 12:43:03 | 000,000,297 | ---- | C] () -- C:\Users\Radwick\Desktop\iExplore.exe - Shortcut.lnk
[2012/01/22 12:37:21 | 000,000,644 | ---- | C] () -- C:\Users\Radwick\Desktop\rkill.scr - Shortcut.lnk
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0153.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0108.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/23 20:41:17 | 000,192,208 | ---- | C] () -- C:\Users\Radwick\AppData\Local\census.cache
[2011/03/23 20:41:09 | 000,093,307 | ---- | C] () -- C:\Users\Radwick\AppData\Local\ars.cache
[2011/01/31 22:06:13 | 000,000,036 | ---- | C] () -- C:\Users\Radwick\AppData\Local\housecall.guid.cache
[2010/12/27 11:10:57 | 000,000,040 | ---- | C] () -- C:\Windows\RSoftInfo.dat
[2010/08/03 16:30:25 | 000,002,415 | ---- | C] () -- C:\Windows\disney.ini
[2010/04/14 19:52:35 | 000,056,320 | -H-- | C] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 15:46:45 | 000,005,668 | ---- | C] () -- C:\Users\Radwick\AppData\Roaming\wklnhst.dat
[2010/01/26 18:43:45 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/01/26 18:26:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/01/26 18:26:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/01/26 18:03:22 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/01/26 18:02:45 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/29 15:56:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/10/29 15:56:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/10/29 15:56:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/10/29 15:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll

========== LOP Check ==========

[2010/12/15 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Elluminate
[2010/07/05 07:15:58 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Packard Bell
[2011/09/08 18:36:10 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\ptc
[2010/04/26 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Template
[2011/09/05 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\TP
[2010/04/14 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Western Digital
[2011/04/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Windows Live Writer
[2012/02/10 19:53:34 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Windows\Program Files\*. /s >

< C:\Windows\Program Files (x86)\*. /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

Edited by pa.pete, 17 February 2012 - 03:20 PM.

[godawgs]

Hi pa.pete,

I haven't forgotten you. I'll be back to you with some additional instructions shortly.

[pa.pete]

No problem, whenever you get time.
I appreciate all your help,
Pete

[godawgs]

Hi pa.pete,

The Firefox proxy entries still keep coming back. Since you don't use Firefox let's completely uninstall it and see if that resolves the problems.


Step-1.

Show Hidden Files and Folders

• Click the Start Orb. Click Computer.
• On the next window, at the top of the window, click Tools then click Folder Options.
• On the Folder Options window click the View tab.
• Under the Files and Folders section:
  
  
• Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  
• Also make sure that Hide protected system operating files(recommended) is un-checked.
  
  
  
• Also make sure the Hide extensions for known file types box is un-checked.
  
  

You can reverse these directions to hide files/folders when we are done.


Step-2.

Completely Uninstall FireFox

Close all open windows and browsers.

• Click the Start Orb
• Click Control Panel
• Under the Programs heading click Uninstall a program
• Find the FireFox program. Right click on it and click Uninstall
• In the Mozilla Firefox Uninstall Wizard that opens, click Next
• Put a check mark in the box that says Remove my Firefox personal data and click Uninstall
• Click Finish

Delete the Firefox Installation directory located here, by default:
C:\Program Files (x86)\Mozilla Firefox

Delete the Firefox folder that contains temporary data ( *.mfl files, Cache and Updates),(if it exists), located here:
C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox

Click the Start Orb. Click Run. In the Run box type %APPDATA% and click OK
On the left side ofthe window that comes up click the arrow beside Mozilla
Find the FireFox folder. Right click on it and click Delete


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:OTL

IE - HKU\S-1-5-21-4103317124-915067586-60201695-1001\..\URLSearchHook: - No CLSID value found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
File not found (No name found) -- C:\PROGRAM FILES (X86)\DAILYBIBLEGUIDE\BAR\1.BIN

:FILES

ipconfig / flushdns /c

:COMMANDS

[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the button. Post the log it produces in your next reply.


Step-4.

Things for your next reply:
1. The OTL fixes log
2. The OTL.txt log
3. The Extras.txt log
4. How is the computer running?

[pa.pete]

godawgs,
When I ran the OTL quick scan I think it only produced the Txt log I can't seem to find the Extras log.
Pete

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4103317124-915067586-60201695-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin not found.
========== FILES ==========
< ipconfig / flushdns /c >
Error: unrecognized or incomplete command line.
USAGE:
ipconfig [/allcompartments] [/? | /all |
/renew [adapter] | /release [adapter] |
/renew6 [adapter] | /release6 [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] |
/showclassid6 adapter |
/setclassid6 adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IPv4 address for the specified adapter.
/release6 Release the IPv6 address for the specified adapter.
/renew Renew the IPv4 address for the specified adapter.
/renew6 Renew the IPv6 address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
/showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter.
/setclassid6 Modifies the IPv6 DHCP class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
> ipconfig /allcompartments ... Show information about all
compartments
> ipconfig /allcompartments /all ... Show detailed information about all
compartments
C:\Users\Radwick\Desktop\cmd.bat deleted successfully.
C:\Users\Radwick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Radwick
->Temp folder emptied: 2206972 bytes
->Temporary Internet Files folder emptied: 6963492 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 26754 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 775888 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 6300 bytes

Total Files Cleaned = 10.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02182012_203440

Files\Folders moved on Reboot...
C:\Users\Radwick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 2/18/2012 8:43:25 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Radwick\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 63.35% Memory free
7.49 Gb Paging File | 5.73 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 283.68 Gb Free Space | 62.49% Space Free | Partition Type: NTFS

Computer Name: RADWICK-PC | User Name: Radwick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/26 06:05:46 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2010/11/26 06:05:46 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/09 19:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/11/01 18:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/24 18:42:34 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/09/03 14:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/26 06:05:46 | 000,251,336 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2010/11/26 06:05:46 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2010/11/26 06:05:46 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2010/11/26 06:05:46 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2010/11/18 15:55:44 | 000,079,224 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2009/11/20 18:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/10/08 21:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009/10/07 15:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009/09/23 21:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2008/07/03 13:18:48 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/13 10:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/30 02:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/12/31 09:36:44 | 000,074,824 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2010/12/31 09:36:42 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/12/31 09:36:40 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/12/16 08:46:10 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/09/21 14:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/03 15:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/08/11 15:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/30 12:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 05:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 06:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 22:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 03:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/28 12:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/04/28 12:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/13 10:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/02 12:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...e0z1k5a4411x562

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...e0z1k5a4411x562
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://meadvilletribune.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Radwick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Radwick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Radwick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Radwick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Radwick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\FireFox\ [2012/01/16 18:42:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Radwick\AppData\Roaming\Mozilla\Firefox\Profiles/0nmw1vio.default\extensions\[email protected]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A01CAC-5E03-44E0-B1BA-14357562B6C3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE998D23-1334-4C02-91A6-1C73DC39E8DF}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 20:40:10 | 000,000,000 | R--D | C] -- C:\Users\Radwick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/02/15 15:15:37 | 000,000,000 | ---D | C] -- C:\d37e51664a70a5aa217a0fe5
[2012/02/15 13:15:22 | 000,000,000 | ---D | C] -- C:\5e446f905e7c4252a90e8751bf1cb7
[2012/02/13 19:35:57 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Users\Radwick\AppData\Local\dplayx.dll
[2012/02/11 21:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2012/02/11 21:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/02/11 18:54:02 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290
[2012/02/11 18:21:20 | 029,379,896 | ---- | C] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 18:11:43 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/02/11 10:42:57 | 000,000,000 | ---D | C] -- C:\Users\Radwick\AppData\Roaming\Malwarebytes
[2012/02/11 10:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/11 10:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 10:39:24 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/07 20:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/06 18:25:37 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\GooredFix Backups
[2012/02/06 18:25:11 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:10:01 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/02/04 11:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/02/04 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2XL Games
[2012/02/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\RK_Quarantine
[2012/02/04 10:49:08 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\log
[2012/02/04 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Radwick\Desktop\64bit

========== Files - Modified Within 30 Days ==========

[2012/02/18 20:46:39 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 20:46:39 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 20:39:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 20:38:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/18 20:37:57 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 20:29:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001UA1cc6e22fe11df1c.job
[2012/02/18 20:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/18 17:26:18 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4103317124-915067586-60201695-1001Core1cc6e22fcbb18f4.job
[2012/02/17 12:48:47 | 000,056,320 | -H-- | M] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 12:29:29 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 08:04:35 | 000,423,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 17:48:10 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/15 17:48:10 | 000,628,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/15 17:48:10 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/15 13:27:53 | 001,883,828 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/13 20:40:51 | 000,041,770 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | M] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:45 | 002,634,584 | ---- | M] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | M] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:46:07 | 003,586,568 | ---- | M] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:10 | 000,051,897 | ---- | M] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 18:21:20 | 029,379,896 | ---- | M] (Igor Pavlov) -- C:\Users\Radwick\Desktop\VoiceStudio_230.exe
[2012/02/11 10:42:12 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 10:39:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Radwick\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/06 18:25:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Radwick\Desktop\GooredFix.exe
[2012/02/04 18:26:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Radwick\Desktop\OTL.exe
[2012/02/04 12:23:05 | 000,000,512 | ---- | M] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 12:10:01 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Radwick\Desktop\aswMBR.exe
[2012/02/04 11:46:15 | 001,201,664 | ---- | M] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/23 16:00:41 | 000,002,032 | ---- | M] () -- C:\Users\Radwick\Desktop\IncrediMail.lnk
[2012/01/23 13:07:36 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/22 18:36:11 | 000,002,034 | ---- | M] () -- C:\ProgramData\repository.xml
[2012/01/22 12:46:34 | 000,000,150 | ---- | M] () -- C:\Users\Radwick\Desktop\rk-proxy.reg
[2012/01/22 12:43:03 | 000,000,297 | ---- | M] () -- C:\Users\Radwick\Desktop\iExplore.exe - Shortcut.lnk
[2012/01/22 12:37:21 | 000,000,644 | ---- | M] () -- C:\Users\Radwick\Desktop\rkill.scr - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/02/13 20:40:51 | 000,041,770 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.htm
[2012/02/12 12:39:27 | 000,000,117 | ---- | C] () -- C:\Users\Radwick\Desktop\Homepage » Meadville Tribune.url
[2012/02/11 20:45:36 | 002,634,584 | ---- | C] () -- C:\Users\Radwick\Desktop\Elfred.zip
[2012/02/11 20:08:52 | 000,000,523 | ---- | C] () -- C:\Users\Radwick\Desktop\English_American_.vpm - original.lnk
[2012/02/11 19:45:57 | 003,586,568 | ---- | C] () -- C:\Users\Radwick\Desktop\TeamGarmin-DaveZabriskie.zip
[2012/02/11 18:52:09 | 000,051,897 | ---- | C] () -- C:\Users\Radwick\Desktop\TTSVoiceEditor_V290.zip
[2012/02/11 10:42:12 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 12:23:05 | 000,000,512 | ---- | C] () -- C:\Users\Radwick\Desktop\MBR.dat
[2012/02/04 11:46:08 | 001,201,664 | ---- | C] () -- C:\Users\Radwick\Desktop\RogueKiller.exe
[2012/01/23 16:00:41 | 000,002,032 | ---- | C] () -- C:\Users\Radwick\Desktop\IncrediMail.lnk
[2012/01/23 13:07:36 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/22 18:36:11 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/01/22 12:46:34 | 000,000,150 | ---- | C] () -- C:\Users\Radwick\Desktop\rk-proxy.reg
[2012/01/22 12:43:03 | 000,000,297 | ---- | C] () -- C:\Users\Radwick\Desktop\iExplore.exe - Shortcut.lnk
[2012/01/22 12:37:21 | 000,000,644 | ---- | C] () -- C:\Users\Radwick\Desktop\rkill.scr - Shortcut.lnk
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0153.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0108.old
[2012/01/16 11:04:20 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/23 20:41:17 | 000,192,208 | ---- | C] () -- C:\Users\Radwick\AppData\Local\census.cache
[2011/03/23 20:41:09 | 000,093,307 | ---- | C] () -- C:\Users\Radwick\AppData\Local\ars.cache
[2011/01/31 22:06:13 | 000,000,036 | ---- | C] () -- C:\Users\Radwick\AppData\Local\housecall.guid.cache
[2010/12/27 11:10:57 | 000,000,040 | ---- | C] () -- C:\Windows\RSoftInfo.dat
[2010/08/03 16:30:25 | 000,002,415 | ---- | C] () -- C:\Windows\disney.ini
[2010/04/14 19:52:35 | 000,056,320 | -H-- | C] () -- C:\Users\Radwick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/13 15:46:45 | 000,005,668 | ---- | C] () -- C:\Users\Radwick\AppData\Roaming\wklnhst.dat
[2010/01/26 18:43:45 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/01/26 18:26:40 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/01/26 18:26:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010/01/26 18:03:22 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/01/26 18:02:45 | 000,001,642 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/29 15:56:57 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/10/29 15:56:57 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/10/29 15:56:57 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/10/29 15:06:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\AMV_DecDLL.dll

========== LOP Check ==========

[2010/12/15 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Elluminate
[2010/07/05 07:15:58 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Packard Bell
[2011/09/08 18:36:10 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\ptc
[2010/04/26 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Template
[2011/09/05 15:04:43 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\TP
[2010/04/14 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Western Digital
[2011/04/03 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Radwick\AppData\Roaming\Windows Live Writer
[2012/02/10 19:53:34 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

Edited by pa.pete, 18 February 2012 - 09:04 PM.

[godawgs]

Hi pa.pete,

Yeah! Uninstalling Firefox finally got rid of the proxy entries. The Extras.txt file was my fault. This round we will get rid of the Firefox keys in the registry and see if we can do something about the Event Logs. We're getting there.


Step-1.

Clear Event Logs

• Click the Start Orb
• Right click on Computer and click Manage
• Click (Continue) on the UAC screen. The Compute Management window will come up.
• On the left side of the window click the arrow beside Event Viewer
• Click the arrow beside Windows Logs
• Right click on System and click Clear Log
• Right click on Application and click Clear Log
• Close the Computer Management window and Reboot.

Step-2

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:FILES
ipconfig /flushdns /c

:Reg
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[-HKEY_CURRENT_USER\Software\MozillaPlugins]
[-HKEY_LOCAL_MACHINE\software\mozilla]
[-HKEY_CURRENT_USER\software\mozilla]

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open on your desktop.
3. Place the mouse pointer inside the textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

OTL Scan

Please re-open OTL

• Double click the on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
• You will see a console like the one below:
  
  
  
• Make sure the Output box at the top is set to Standard Output.
• Under the Extra Registry section click the button next to Use Safelist<---Important
• Check the boxes beside LOP Check and Purity Check.
• Click the button. Do not change any settings unless otherwise told to do so.
• Let the scan run uninterrupted. The scan won't take long.
• When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
• On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
• Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Step-4.

Things for your next reply:
1. The OTL fixes log
2. The OTL.txt log
3. The Extras.txt log
4. Tell me how the computer is running now.

[pa.pete]

godawgs,

On the computer management screen when I click on the arrow next to Event Viewer, a window pops up that says "Event log service is unavailable, Verify that the service is running" I didn't go any farther as I didn't know what to do with that.
Pete