So, I've had this problems since late August. When I do a search in Firefox using Yahoo search, the first search choice I select redirects to an ad site. With Yahoo, I can close the tab and re-select the search choice and it is fine. This is also occurring in Google Search when using Firefox. It is not happening if I use Google Chrome or IE.

I have tried a zillion anti-Malware products, all claiming to take care of this, including Malwarebytes, Security Essentials, TDSSKILLER, and some other Microsoft items. I also have Norton Internet Security installed along with SpyBotSD. My Firefox version is 15.0.1. I've tried removing add-ons, deleting Java, and cleaning up my hosts file (which did have a ton of evil 127.0.0.0 lines). Nothing works. So, here I am.

Performed ERANT.

DDR.txt
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by rbarney at 20:52:26 on 2012-09-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.1487 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\rbarney\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MediaFire Tray] "C:\Users\rbarney\AppData\Local\MediaFire Express\mf_systray.exe" --boot-start
uRun: [93E045AD5E436816A3AC277DB363FCDD6029FB01._service_run] "C:\Users\rbarney\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{3714A2C7-00DF-4CD2-B9B9-6FEE785825FB} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO-X64: Virtual Account Numbers Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86) (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\rbarney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\rbarney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120928.001\IDSviA64.sys [2012-9-28 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0502020.003\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0502020.003\SYMTDIV.SYS [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/09/16 20:44:55];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2012-9-16 146928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [2012-7-17 130008]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-7-28 361808]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-9-7 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-9-7 1358360]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-9-7 166528]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-28 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/08/04 21:23:12;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-18 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250288]
S3 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-18 133104]
S3 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2010-2-2 45736]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 114144]
S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys --> C:\Windows\system32\DRIVERS\tap0801.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-16 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-10-01 02:13:30 -------- d-----w- C:\Windows\Malware
2012-10-01 02:12:34 -------- d-----w- C:\Program Files (x86)\Malware
2012-10-01 00:17:02 -------- d-----w- C:\Users\rbarney\AppData\Local\temp
2012-10-01 00:12:01 -------- d-----w- C:\$RECYCLE.BIN
2012-09-30 22:36:30 98816 ----a-w- C:\Windows\sed.exe
2012-09-30 22:36:30 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-30 22:36:30 256000 ----a-w- C:\Windows\PEV.exe
2012-09-30 22:36:30 208896 ----a-w- C:\Windows\MBR.exe
2012-09-30 02:47:50 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3FB2BF8-8B46-48D5-91AE-A7555590F230}\mpengine.dll
2012-09-29 01:16:44 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 03:10:27 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-09-21 03:10:23 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-21 03:09:50 -------- d-----w- C:\Users\rbarney\AppData\Roaming\TestApp
2012-09-17 06:29:35 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-17 03:55:39 -------- d-----w- C:\Program Files (x86)\sp51315
2012-09-17 03:30:46 -------- d-----w- C:\Users\rbarney\AppData\Local\FixItCenter
2012-09-17 03:27:08 -------- d-----w- C:\Windows\MATS
2012-09-17 03:27:07 -------- d-----w- C:\Program Files\Microsoft Fix it Center
2012-09-17 02:13:24 -------- d-----w- C:\Users\rbarney\AppData\Local\ElevatedDiagnostics
2012-09-15 21:19:59 -------- d-----w- C:\Users\rbarney\AppData\Local\BigHammer
2012-09-15 21:11:13 -------- d-----w- C:\Users\rbarney\AppData\Local\Deployment
2012-09-15 19:28:52 -------- d-----w- C:\Users\rbarney\AppData\Roaming\GlarySoft
2012-09-15 19:28:50 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2012-09-15 18:58:59 -------- d-----w- C:\Program Files\CCleaner
2012-09-15 18:23:54 -------- d-----w- C:\Users\rbarney\AppData\Roaming\USTechSupport
2012-09-15 18:22:44 -------- d-----w- C:\ProgramData\USTechSupport
2012-09-15 03:04:25 -------- d-----w- C:\Program Files (x86)\Dropbox
2012-09-09 03:44:31 -------- d-----w- C:\Users\rbarney\AppData\Roaming\Malwarebytes
2012-09-09 03:44:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-08 06:25:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-08 06:24:47 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-09-08 06:24:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-09-08 03:26:34 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-21 06:42:40 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 06:42:40 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-17 06:28:50 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-05 04:16:23 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-05 04:16:23 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:53:27.51 ===============

Attach.txt.zip as attachment

=============================================
aswMBR.txt
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-30 19:18:00
-----------------------------
19:18:00.272 OS Version: Windows x64 6.0.6002 Service Pack 2
19:18:00.272 Number of processors: 2 586 0x1706
19:18:00.272 ComputerName: RBARNEY-LAPTOP UserName: rbarney
19:18:01.894 Initialize success
19:20:00.212 AVAST engine defs: 12093001
19:20:29.369 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:20:29.369 Disk 0 Vendor: ST9250827AS 3.AHC Size: 238475MB BusType: 3
19:20:29.384 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
19:20:29.384 Disk 1 Vendor: ST9250827AS 3.AHC Size: 238475MB BusType: 3
19:20:29.400 Disk 1 MBR read successfully
19:20:29.416 Disk 1 MBR scan
19:20:29.416 Disk 1 unknown MBR code
19:20:29.431 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226783 MB offset 63
19:20:29.478 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 11688 MB offset 464453632
19:20:29.556 Disk 1 scanning C:\Windows\system32\drivers
19:20:48.354 Service scanning
19:21:36.497 Modules scanning
19:21:36.512 Disk 1 trace - called modules:
19:21:37.058 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:21:37.074 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004d03060]
19:21:37.089 3 CLASSPNP.SYS[fffffa6000a25c33] -> nt!IofCallDriver -> [0xfffffa8005b58660]
19:21:37.105 5 hpdskflt.sys[fffffa6001aae189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c3d590]
19:21:37.994 AVAST engine scan C:\Windows
19:21:45.217 AVAST engine scan C:\Windows\system32
19:27:24.923 AVAST engine scan C:\Windows\system32\drivers
19:27:48.826 AVAST engine scan C:\Users\rbarney
19:55:36.051 AVAST engine scan C:\ProgramData
20:03:04.589 Scan finished successfully
20:35:34.888 Disk 1 MBR has been saved successfully to "C:\Users\rbarney\Documents\MBR.dat"
20:35:34.966 The log file has been saved successfully to "C:\Users\rbarney\Documents\aswMBR.txt"

=========================================================
Spybot S&D found nothing it wasn't able to "fix", but after running it several times (including in Safe Mode) the problem still exists.

Thanks for any help you can give...

:euro:
Rod B.

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR


Sorry for the delay, sometimes we get so busy a post or two may fall through the cracks

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).




OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:59 on 07/10/2012 (rbarney)
Firefox version 15.0.1 (en-US)

========== GooredScan ==========

Removing Orphan:
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!
Removing Orphan:
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"="C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [04:00 02/08/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:14 03/07/2011]
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [06:29 17/09/2012]

C:\Users\rbarney\Application Data\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\
DeviceDetection@logitech.com [00:25 10/03/2012]
ietab@ip(44).cn [13:38 27/05/2010]
{ab91efd4-6975-4081-8552-1b3922ed79e2} [02:38 05/08/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:28 11/06/2009]
"citius@orbiscom"="C:\Program Files (x86)\Virtual Account Numbers" [17:29 27/02/2010]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\" [23:37 21/05/2011]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1" [03:59 08/10/2012]

-=E.O.F=-

=======================================================
Since the OTL text files were so big, I've zipped them and added as an attachment. :red:



OTL logfile created on: 10/8/2012 12:10:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rbarney\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 27.76% Memory free
8.12 Gb Paging File | 5.74 Gb Available in Paging File | 70.75% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.47 Gb Total Space | 82.01 Gb Free Space | 37.03% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 178.03 Gb Free Space | 76.45% Space Free | Partition Type: NTFS
Drive E: | 11.41 Gb Total Space | 1.88 Gb Free Space | 16.51% Space Free | Partition Type: NTFS

Computer Name: RBARNEY-LAPTOP | User Name: rbarney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\rbarney\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\STOPzilla!\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files (x86)\STOPzilla!\SZScanner.exe (iS3, Inc.)
PRC - C:\Program Files (x86)\STOPzilla!\SZOptions.exe (iS3, Inc.)
PRC - C:\Program Files (x86)\STOPzilla!\STOPzilla.exe (iS3, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
PRC - C:\Windows\SysWOW64\OBroker.exe (Orbiscom Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Windows\SMINST\BLService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Virtual Account Numbers\VANRes.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll ()
MOD - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll ()
MOD - C:\Windows\SysWOW64\LXEBsmr.dll ()
MOD - C:\Windows\SysWOW64\LXEBsm.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (lxeb_device) -- C:\Windows\SysNative\lxebcoms.exe ( )
SRV:64bit: - (lxebCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (szserver) -- C:\Program Files (x86)\STOPzilla!\SZServer.exe (iS3, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (lxebCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe ()
SRV - (lxeb_device) -- C:\Windows\SysWOW64\lxebcoms.exe ( )
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\DRIVERS\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\Drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\DRIVERS\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREdrv.sys (GFI Software)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ncplelhp) -- C:\Windows\SysNative\DRIVERS\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (tap0801) -- C:\Windows\SysNative\DRIVERS\tap0801.sys (The OpenVPN Project)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121007.005_e10\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121007.005_e10\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121005.002\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (LxrSII1d) -- C:\Windows\SysWOW64\drivers\LxrSII1d.sys ()
DRV - (PxHlpa64) -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}
IE:64bit: - HKLM\..\SearchScopes\{80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE:64bit: - HKLM\..\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{8548F34C-3305-470E-A035-6629D40BCD02}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\..\SearchScopes,DefaultScope = {80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\..\SearchScopes\{80F9CE9F-1811-48D0-AB07-45BF1DBB1FF0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\..\SearchScopes\{98B8DB1C-BE9E-4087-B6DD-45D1960D77A0}: "URL" = http://www.microsoft.com/windows/compatibility/windows-7/en-us/Search.aspx?type=Hardware&s={searchTerms}
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
IE - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: cwwb@dietrich.cx:2.1
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: spam@trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: unmadcfpyn@unmadcfpyn.org:2.5
FF - prefs.js..extensions.enabledAddons: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.5.1
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.16.0
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.12.1
FF - prefs.js..extensions.enabledItems: cwwb@dietrich.cx:1.0.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: citius@orbiscom:3.7.11.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.10.19.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86) (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\rbarney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\rbarney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files (x86)\Virtual Account Numbers [2011/05/29 15:59:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/06/21 23:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/10/07 20:59:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/16 23:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/09/06 16:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:26:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/16 23:29:35 | 000,000,000 | ---D | M]

[2010/11/13 13:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Extensions
[2010/11/13 13:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/20 08:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions
[2012/08/04 19:38:51 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/03/09 17:25:10 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\DeviceDetection@logitech.com
[2010/05/27 06:38:41 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\ietab@ip(44).cn
[2012/09/20 08:33:36 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\amznUWL2@amazon.com.xpi
[2012/02/02 02:50:26 | 000,016,766 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\cwwb@dietrich.cx.xpi
[2011/11/02 17:57:47 | 000,014,940 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\securecc@baddomain.com.xpi
[2012/08/02 22:28:24 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\spam@trashmail.net.xpi
[1619/09/13 01:32:31 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\unmadcfpyn@unmadcfpyn.org.xpi
[2012/04/24 20:38:20 | 000,081,104 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2012/07/24 19:04:33 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/14 14:41:08 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011/05/22 00:48:51 | 000,002,468 | ---- | M] () -- C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\searchplugins\safesearch.xml
[2012/09/16 23:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/01 21:00:14 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/16 23:29:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/07 20:59:41 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_12_1
[2012/06/21 23:23:20 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2012/09/07 20:26:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/07 20:26:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/01/09 18:44:35 | 000,002,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/09/07 20:26:15 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://my.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rbarney\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rbarney\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rbarney\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rbarney\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\rbarney\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\rbarney\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86) (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\rbarney\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\rbarney\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\rbarney\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/07 20:55:12 | 000,000,042 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-119231873-1439685517-1501603415-1000..\Run: [MediaFire Tray] C:\Users\rbarney\AppData\Local\MediaFire Express\mf_systray.exe (MediaFire LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3714A2C7-00DF-4CD2-B9B9-6FEE785825FB}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6362A157-6361-4050-805F-9C817DB059AD}: Domain = samhealth.org
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Bronze1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Bronze1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-119231873-1439685517-1501603415-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 23:59:08 | 000,000,000 | ---D | C] -- C:\Users\rbarney\Desktop\GooredFix Backups
[2012/10/07 23:18:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\rbarney\Desktop\OTL.exe
[2012/10/07 23:18:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\rbarney\Desktop\GooredFix.exe
[2012/10/07 20:55:04 | 000,074,872 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2012/10/07 20:47:24 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\SBBD.EXE
[2012/10/07 20:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/10/07 20:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/10/07 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/09/30 21:10:15 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware
[2012/09/30 21:08:06 | 000,000,000 | ---D | C] -- C:\Users\rbarney\Documents\Malware
[2012/09/30 19:13:30 | 000,000,000 | ---D | C] -- C:\Windows\Malware
[2012/09/30 19:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware
[2012/09/30 19:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malware
[2012/09/30 17:17:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/30 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Local\temp
[2012/09/30 17:12:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/30 15:36:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/30 15:36:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/30 15:36:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/30 15:23:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/30 15:22:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/21 22:39:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/21 22:39:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/21 22:39:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/21 22:39:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/21 22:39:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/21 22:39:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/21 22:39:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/21 22:39:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/21 22:39:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/21 22:39:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/21 22:39:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/21 22:39:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/21 22:38:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/21 22:38:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/21 22:38:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/20 21:48:19 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/09/20 20:10:27 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/09/20 20:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/09/20 20:09:50 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Roaming\TestApp
[2012/09/19 22:39:17 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/16 23:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/16 23:29:35 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/16 23:29:35 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/16 23:29:35 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/16 23:29:35 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/09/16 20:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp51315
[2012/09/16 20:30:46 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Local\FixItCenter
[2012/09/16 20:27:08 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2012/09/16 20:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/09/16 19:13:24 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Local\ElevatedDiagnostics
[2012/09/15 14:19:59 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Local\BigHammer
[2012/09/15 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Local\Deployment
[2012/09/15 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Roaming\GlarySoft
[2012/09/15 12:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012/09/15 11:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/15 11:23:54 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Roaming\USTechSupport
[2012/09/15 11:23:14 | 000,000,000 | ---D | C] -- C:\Config.msi
[2012/09/15 11:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\USTechSupport
[2012/09/14 20:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dropbox
[2012/09/14 17:31:40 | 000,023,416 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2012/09/14 17:31:28 | 000,546,680 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2012/09/14 17:31:24 | 000,497,528 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2012/09/13 18:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/08 20:44:31 | 000,000,000 | ---D | C] -- C:\Users\rbarney\AppData\Roaming\Malwarebytes
[2012/09/08 20:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/08 15:13:00 | 000,000,000 | ---D | C] -- C:\Users\rbarney\Documents\ProcAlyzer Dumps
[2009/01/02 20:12:36 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/01/02 20:12:35 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/01/02 20:12:35 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/01/02 20:12:35 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\rbarney\Documents\*.tmp files -> C:\Users\rbarney\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 00:19:52 | 000,000,768 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2012/10/08 00:15:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-119231873-1439685517-1501603415-1000UA.job
[2012/10/08 00:14:16 | 000,226,745 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/08 00:14:04 | 000,226,745 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/08 00:09:12 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/07 23:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/07 23:18:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\rbarney\Desktop\OTL.exe
[2012/10/07 23:18:25 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\rbarney\Desktop\GooredFix.exe
[2012/10/07 23:08:59 | 000,007,632 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/10/07 22:58:07 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 22:58:07 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/07 21:04:51 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/10/07 21:03:55 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/10/07 21:03:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/07 20:57:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/07 20:57:47 | 4260,319,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 20:56:21 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/07 20:55:12 | 000,000,042 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/07 20:45:30 | 000,075,264 | ---- | M] () -- C:\Users\rbarney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/06 22:56:31 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-119231873-1439685517-1501603415-1000Core.job
[2012/10/03 07:20:33 | 000,000,630 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/10/03 07:20:32 | 000,443,425 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2012/10/02 03:02:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/02 03:02:17 | 000,672,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/02 03:02:17 | 000,132,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 20:17:40 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/09/30 20:35:34 | 000,000,512 | ---- | M] () -- C:\Users\rbarney\Documents\MBR.dat
[2012/09/30 19:03:43 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrbarney.job
[2012/09/29 16:32:41 | 000,000,732 | ---- | M] () -- C:\Users\rbarney\AppData\Local\d3d9caps64.dat
[2012/09/28 18:05:42 | 000,002,016 | ---- | M] () -- C:\Users\rbarney\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/28 18:05:41 | 000,002,054 | ---- | M] () -- C:\Users\rbarney\Desktop\Google Chrome.lnk
[2012/09/23 09:22:41 | 001,441,981 | ---- | M] () -- C:\Users\rbarney\Documents\JanuviaCoupon.pdf
[2012/09/20 23:42:40 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/20 23:42:40 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/20 21:11:57 | 000,334,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/20 20:13:22 | 003,276,501 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/16 23:28:52 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/09/16 23:28:52 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/09/16 23:28:52 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/09/16 23:28:50 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/16 23:28:50 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/16 20:27:10 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
[2012/09/15 21:02:22 | 000,009,995 | ---- | M] () -- C:\Users\rbarney\Desktop\Deck.odg
[2012/09/14 17:31:40 | 000,023,416 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2012/09/14 17:31:28 | 000,546,680 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2012/09/14 17:31:24 | 000,497,528 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2012/09/13 18:50:12 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/12 00:34:35 | 000,001,788 | -H-- | M] () -- C:\Users\rbarney\Documents\Default.rdp
[2012/09/09 12:45:27 | 000,172,020 | ---- | M] () -- C:\Users\rbarney\Documents\PTInsurance.pdf
[2012/09/09 12:43:21 | 000,172,737 | ---- | M] () -- C:\Users\rbarney\Documents\RangerInsurance.pdf
[3 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\rbarney\Documents\*.tmp files -> C:\Users\rbarney\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 21:00:53 | 000,007,632 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/10/07 20:56:24 | 000,000,352 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2012/09/30 20:35:34 | 000,000,512 | ---- | C] () -- C:\Users\rbarney\Documents\MBR.dat
[2012/09/30 15:36:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/30 15:36:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/30 15:36:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/30 15:36:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/30 15:36:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/29 19:35:09 | 4260,319,232 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/23 09:22:36 | 001,441,981 | ---- | C] () -- C:\Users\rbarney\Documents\JanuviaCoupon.pdf
[2012/09/20 20:10:40 | 003,276,501 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/19 22:39:20 | 000,002,054 | ---- | C] () -- C:\Users\rbarney\Desktop\Google Chrome.lnk
[2012/09/19 22:39:20 | 000,002,016 | ---- | C] () -- C:\Users\rbarney\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/16 20:27:10 | 000,000,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/09/16 20:27:09 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
[2012/09/15 21:02:21 | 000,009,995 | ---- | C] () -- C:\Users\rbarney\Desktop\Deck.odg
[2012/09/15 12:29:03 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/09/13 18:50:12 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/09 12:45:26 | 000,172,020 | ---- | C] () -- C:\Users\rbarney\Documents\PTInsurance.pdf
[2012/09/09 12:43:18 | 000,172,737 | ---- | C] () -- C:\Users\rbarney\Documents\RangerInsurance.pdf
[2012/09/08 18:30:53 | 000,000,732 | ---- | C] () -- C:\Users\rbarney\AppData\Local\d3d9caps64.dat
[2011/05/21 18:35:26 | 000,000,078 | ---- | C] () -- C:\Windows\IfoEdit.ini
[2011/05/18 17:27:48 | 000,001,940 | ---- | C] () -- C:\Users\rbarney\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/07 16:10:03 | 000,000,587 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/04 18:55:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 18:44:19 | 000,001,356 | ---- | C] () -- C:\Users\rbarney\AppData\Local\d3d9caps.dat
[2009/02/01 19:53:01 | 000,000,095 | ---- | C] () -- C:\Users\rbarney\AppData\Local\fusioncache.dat
[2009/01/03 22:39:31 | 000,075,264 | ---- | C] () -- C:\Users\rbarney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 22:27:16 | 000,000,253 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/16 22:21:06 | 000,226,745 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/16 22:20:38 | 000,226,745 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/16 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Aiseesoft Total Video Converter
[2011/05/28 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Any DVD Cloner Platinum
[2012/07/02 20:42:55 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Audacity
[2011/04/01 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\BITS
[2011/11/13 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\BitTorrent
[2012/09/02 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\calibre
[2010/07/18 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/08/04 19:23:33 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Digiarty
[2012/09/14 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Dropbox
[2010/09/26 14:50:28 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\FinalTorrent
[2010/05/29 14:07:10 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\FlashGet
[2010/05/29 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\FlashGetBHO
[2010/04/09 06:53:50 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\GARMIN
[2011/02/11 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\GetRightToGo
[2012/09/29 12:03:54 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\GlarySoft
[2012/09/05 20:11:03 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\HandBrake
[2012/01/22 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Kalypso Media
[2012/03/09 17:30:03 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Leadertech
[2010/03/28 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\MPEG Streamclip
[2010/01/09 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\muvee Technologies
[2009/03/01 20:19:36 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\My Games
[2009/05/07 20:19:20 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\OpenOffice.org
[2012/06/04 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\OpswatLogs
[2010/02/26 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\pdf995
[2012/06/04 10:54:51 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\PeaZip
[2011/01/02 14:42:11 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\PhotoScape
[2010/06/15 19:10:33 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Pro200-S500 Series
[2012/06/04 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\QuickScan
[2011/03/16 20:48:00 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Rovio
[2012/06/11 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\TaxCut
[2012/09/20 20:09:50 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\TestApp
[2010/11/13 13:16:20 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Thunderbird
[2012/01/29 18:50:17 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\Tropico 4
[2012/05/20 19:42:56 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\TrueCrypt
[2012/09/15 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\USTechSupport
[2011/05/22 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\webex
[2010/08/12 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\WinBatch
[2012/06/04 11:04:56 | 000,000,000 | ---D | M] -- C:\Users\rbarney\AppData\Roaming\ZipX

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Any difference after running Goordfix ?

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
[2012/10/03 07:20:32 | 000,443,425 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post that log also please

First off, now that you mention it I haven't seen a redirect since I ran the Goored program. Before I took on the OTL mission tonight I did a few searches and did not have one redirect. Nevertheless here is the log from the OTL fix:

All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\Windows\SysNative\drivers\etc\hosts.old moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\rbarney\Desktop\cmd.bat deleted successfully.
C:\Users\rbarney\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: rbarney
->Temp folder emptied: 1652468 bytes
->Temporary Internet Files folder emptied: 13435621 bytes
->Java cache emptied: 49869 bytes
->FireFox cache emptied: 54913176 bytes
->Google Chrome cache emptied: 11269812 bytes
->Apple Safari cache emptied: 50990080 bytes
->Flash cache emptied: 4090974 bytes

%systemdrive% .tmp files removed: 110373219 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89971 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 236.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10082012_184344

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\rbarney\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYQ19M4S\32[1].png moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
=======================================================
Once again, I'll add the OTL log as a zip file attachment.

Thats great, Gooredfix was written by one of our own malware fighters to remove bad entries from Firefox that could be causing you problems.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Here is what ESET found:
C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\unmadcfpyn@unmadcfpyn.org.xpi JS/Redirector.NCA trojan
C:\Users\rbarney\Downloads\Programs\FinalTorrent2010Setup.exe probably a variant of Win32/InstallIQ application
C:\Users\rbarney\Downloads\Programs\HC2Setup64.exe a variant of Win32/Somoto.A application

I also am sad to say I had a redirect again. This is the first one since I ran Gooredfix.:confused:

Run this program and it will check to see if there is an infected boot partition on your hard drive, lots of this going around lately

You need to run the 64 bit version


Download ListParts (http://www.bleepingcomputer.com/download/listparts/dl/77/) to your Desktop.
Download ListParts64 (http://www.bleepingcomputer.com/download/listparts/dl/78/) to your Desktop.



Double click ListParts.exe to launch the program.
Double click ListParts64.exe to launch the program.
Press the Scan button.
When finished scanning it will make a log Result.txt on your Desktop.
Please post me the contents of the log.

Here is the log:
ListParts by Farbar Version: 02-10-2012
Ran by rbarney (administrator) on 11-10-2012 at 19:54:26
Windows Vista (X64)
Running From: C:\Users\rbarney\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 69%
Total physical RAM: 4062.02 MB
Available physical RAM: 1220.67 MB
Total Pagefile: 8317.3 MB
Available Pagefile: 5439.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:221.47 GB) (Free:82.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:178.03 GB) NTFS
3 Drive e: (HP_RECOVERY) (Fixed) (Total:11.41 GB) (Free:1.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 233 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D DATA NTFS Partition 233 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 221 GB 32 KB
Partition 2 Primary 11 GB 221 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 221 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {f9fef230-d622-11dc-a957-b443ad44f611}
resumeobject {f9fef231-d622-11dc-a957-b443ad44f611}
displayorder {f9fef230-d622-11dc-a957-b443ad44f611}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[E:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[E:]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {f9fef230-d622-11dc-a957-b443ad44f611}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f9fef231-d622-11dc-a957-b443ad44f611}
nx OptIn

Resume from Hibernate
---------------------
identifier {f9fef231-d622-11dc-a957-b443ad44f611}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \boot\boot.sdi


****** End Of Log ******
Thanks for all the time you are spending helping me with this. I am grateful and optimistic we can resolve this.

Hi,

Your Boot partitions look fine

You need to enable windows to Show all Files and Folders
Instructions for your Operating System HERE (http://www.bleepingcomputer.com/tutorials/tutorial62.html)


C:\Users\rbarney\AppData\Roaming\Mozilla\Firefox\Profiles\4cglui8j.default\extensions\unmadcfpyn@unmadcfpyn.org.xpi <--Delete this and see what happens

I did as you commanded and proceeded to run a ton of searches. Everything I clicked on took me to the right spot ... I had no redirects. I'd like to do a couple of reboots to make sure it doesn't magically reinstall itself. In the past when it looked like it was gone it would suddenly appear a few days later, usually after a reboot. I will update this task again after the weekend one way or the other. But I am optimstic.

I am curious as to what that xpi file was related to. Also how can avoid this in the future. I have plenty of anti-malware software working and this is the first time something like this has happened in over a decade. (Last time, on a different computer, my niece wanted to check her myspace page and as soon as she left massive failure requiring a recovery disk reinstall.)

Thanks again and I'll keep my fingers crossed.:D:

Good Morning,

That file I had you remove that ESET was part of a bad Firefox profile .

I will keep this thread open for you for a few days so please post back and let me know if the problem has cleared up, if not we can dig deeper if need be.

Ken :)

Not one Google or Yahoo redirect in Firefox. In addition my computer and internet both seem a lot faster and stable. I really hammered the system trying to invoke a redirect and couldn't do it. The system was rebooted twice and even had a windows update along the line. Just did some final search testing and no redirects. I think I'm good here.

Thank you Ken545
:thanks: :beerbeerb: :thanks:
:wav:

RB

Wonderful,

Torrent2010Setup.exe

I want to give you a heads up about File Sharing,its not recommended, your downloading that file from an unknown source, you have absolutely no idea where that file is coming from and what it contains, not all but most contain malicious code of some sort, its like playing Russian Roulette Malwarewise. Trust me, I have been at this for about 12 years, in my home I have 3 systems and I would not allow file sharing of any kind on any of them.


We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 7, if not proceed with the instructions.

Go to the update Tab and update it

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.





How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

I found that finaltorrent2010.exe setup in my Download/programs folder. Anytime a program is downloaded it goes here. Then I may or may not install it. I never cleanup this folder (probably my bad). I've never installed this program and don't even remember downloading it but I agree, I do not allow P2P or any other file sharing.

I did the Java update and sure enough I had 6.35 installed so I updated to 7.7. I also read a few of the recommended links. I have one final question. What is your opinion of STOPZilla? During the early days of my virus induced panic, I downloaded this. Is it safe to keep? Is it worth keeping? I also have Norton Internet Security (It's included with my Comcast Internet). I'm indifferent to it, however I really do like it's Identity Safe feature. I also of course have SpyBot Search and Destroy. Just don't want to keep anything I don't need. Thanks again.

Good Morning,

Norton is a love hate relationship, some people hate it and some people my self included love it, I have had Norton Internet Security on my systems for quite some time and have never had any issues with it, as long as you like it and its doing its job than keep it.

Microsoft recommends that you have only one AV program, more than one is over kill and and cause poor system performance . As far as Spyware programs, its ok to have 2 or 3 . I have NIS, Spybot Search and Destroy ( TeaTimer disabled ) and Malwarebytes (Pro Version ) on all my systems. The Pro Version has a protection moduale that blocks bad web sites from opening, the cost is minimal, a one time fee and you own the program, no yearly update fees. But this it totally up to you.

As far as StopZilla, the reviews are so so, its not a bad program but not one of the best, I would not pay money for it.

You can read these and make up your own mind on it

http://www.systemlookup.com/search.php?type=name&search=stopzilla&s=

http://en.wikipedia.org/wiki/STOPzilla

http://www.pcmag.com/article2/0,2817,2162968,00.asp


Take care,

Ken :)

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.