Google redirect after File Recovery trojan - have tried the How to art



#16
MikeyTexas

OK it ran that time. I seem to not have Networking capability any longer. Could something have been disabled? Here is the .txt


ComboFix 12-09-15.02 - Michael Grantham 09/16/2012 10:29:15.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3316.2837 [GMT -5:00]
Running from: c:\users\Michael Grantham\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\59e3a6e4
c:\programdata\83hpnl1wwj9a3o
c:\programdata\cd8a54
c:\programdata\Dell
c:\programdata\Dell\DSL\DSLCheck.exe
c:\users\Michael Grantham\AppData\Local\assembly\tmp
c:\users\Michael Grantham\AppData\Roaming\55172e16
c:\users\Michael Grantham\AppData\Roaming\c3902a6
c:\users\Michael Grantham\sheeomaytnrmqrbgvugtgh.exe
c:\users\Michael Grantham\WINDOWS
c:\users\Michael Grantham\wnxvzarqhdvihrdemcgprfqkt.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-16 to 2012-09-16 )))))))))))))))))))))))))))))))
.
.
2012-09-16 15:41 . 2012-09-16 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 15:41 . 2012-09-16 15:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-16 02:16 . 2012-09-16 15:41 -------- d-----w- c:\users\Michael Grantham\AppData\Local\temp
2012-09-13 21:44 . 2012-09-13 21:44 -------- d-----w- c:\users\Michael Grantham\AppData\Roaming\AVG2013
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\users\Michael Grantham\AppData\Local\AVG Secure Search
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\users\Michael Grantham\AppData\Roaming\TuneUp Software
2012-09-13 21:42 . 2012-09-14 16:38 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-13 21:42 . 2012-09-13 21:42 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\program files\AVG Secure Search
2012-09-13 21:40 . 2012-09-13 21:43 -------- d-----w- c:\programdata\AVG2013
2012-09-13 21:40 . 2012-09-13 21:40 -------- d-----w- C:\$AVG
2012-09-13 21:35 . 2012-09-13 22:16 -------- d-----w- c:\users\Michael Grantham\AppData\Local\Avg2013
2012-09-13 21:35 . 2012-09-13 21:35 -------- d-----w- c:\users\Michael Grantham\AppData\Local\MFAData
2012-09-13 20:05 . 2012-09-13 20:05 -------- d-----w- C:\_OTM
2012-09-13 13:12 . 2012-09-13 18:40 -------- d-----w- c:\users\Michael Grantham\AppData\Local\adawarebp
2012-09-13 12:57 . 2012-09-13 12:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-13 00:24 . 2012-09-13 00:24 -------- d-----w- c:\users\Michael Grantham\AppData\Roaming\Malwarebytes
2012-09-13 00:24 . 2012-09-13 00:24 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:24 . 2012-09-13 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 15:14 . 2012-09-06 01:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-29 13:35 . 2012-08-29 14:17 -------- d-----w- c:\programdata\OfficeGuardianV2N35
2012-08-24 11:49 . 2012-08-24 11:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-24 11:48 . 2012-08-24 11:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 13:29 . 2012-03-30 11:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 13:29 . 2011-05-19 13:46 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 11:48 . 2011-02-24 00:57 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-13 21:40 . 2012-08-13 21:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 09:52 . 2012-08-10 09:52 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-10 09:52 . 2012-08-10 09:52 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-08-10 09:52 . 2012-08-10 09:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 09:52 . 2012-08-10 09:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 18:56 . 2012-08-09 18:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-09 18:56 . 2012-08-09 18:56 54112 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-08-09 18:56 . 2012-08-09 18:56 151520 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-04 14:02 . 2012-08-16 01:06 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 11:37 . 2012-08-15 21:03 916992 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 11:32 . 2012-08-15 21:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-28 11:31 . 2012-08-15 21:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-28 11:31 . 2012-08-15 21:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-06-28 11:31 . 2012-08-15 21:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-28 09:59 . 2012-08-15 21:03 385024 ----a-w- c:\windows\system32\html.iec
2012-06-28 08:19 . 2012-08-15 21:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-28 08:17 . 2012-08-15 21:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-23 10:28 . 2012-06-23 10:28 679936 ----a-w- c:\windows\system32\8-Pa9527.scr
2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-09-06 01:27 . 2011-08-06 12:28 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-13 21:42 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-13 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2009-04-11 640512]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-13 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-13 856160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-04 00:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Search.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michael Grantham^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
path=c:\users\Michael Grantham\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-17 01:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 17:58 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 18:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2010-07-07 12:20 1008128 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-11-08 21:01 49152 ----a-w- c:\windows\System32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 05:08 87336 ----a-w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-17 01:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-30 17:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
dot3svc REG_MULTI_SZ dot3svc
eapsvcs REG_MULTI_SZ eaphost
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WudfServiceGroup REG_MULTI_SZ WUDFSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-22 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2011-09-22 21:24]
.
2011-09-30 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Software\Express\express.exe [2011-09-07 16:51]
.
2012-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 21:47]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 17:45]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 17:45]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005Core.job
- c:\users\Michael Grantham\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 13:57]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005UA.job
- c:\users\Michael Grantham\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 13:57]
.
2011-10-06 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-07 16:49]
.
2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{9632FAA5-1B46-4128-8573-82381CD86F88}.job
- c:\windows\system32\msfeedssync.exe [2012-08-15 08:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: acddirect.com\www
Trusted Zone: arise.com\ns
Trusted Zone: callswithoutwalls.com\training
Trusted Zone: callswithoutwalls.com\www
Trusted Zone: cingularuniversity.com
Trusted Zone: convergysworkathome.com\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\qtwu1.turbotaxonline
Trusted Zone: intuit.com\ttlc
Trusted Zone: penson.com
Trusted Zone: turbotax.com
Trusted Zone: virtualacd.biz\www
Trusted Zone: virtualized.biz
Trusted Zone: wireless.att.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: {34B453C6-CFE8-4806-B0F0-A0E06FFEBF5E} - hxxps://iportal.west.com/krbApplicantPCScan/WAHSystemVerification.ocx
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://camsmd.com/admin/|https://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0e19a3b4-b328-4238-90bc-32fc06eb16ce%7D&mid=2de0cffa33f947d096f3d168dde9298e-774095d7949d7ea554b5198b0b570ebab39ee07a&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-13%2016%3A42%3A31&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, BRI/1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SBRegRebootCleaner - c:\program files\Ad-Aware Antivirus\SBRC.exe
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\6.3.2348.0\mswinext.exe
MSConfigStartUp-ConnectionCenter - c:\program files\Citrix\ICA Client\concentr.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\users\Michael Grantham\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-Adobe Connect Add-in - c:\users\Michael Grantham\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Michael Grantham\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 10:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1820)
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2012-09-16 10:44:26
ComboFix-quarantined-files.txt 2012-09-16 15:44
.
Pre-Run: 187,095,859,200 bytes free
Post-Run: 186,955,730,944 bytes free
.
- - End Of File - - 943D908EB91D7C9D579C68820CAED2D6

#17
MikeyTexas

Just wanted to add: I restarted and I still freeze at the desktop - the time doesn't change and am unable to open the start menu, but can move the mouse.

So I rebooted back to Safe Mode with Networking. The networking is off and it says "Unidentified network Access: Local Only". One last thing is on audio "The Audio Service is not running".

Edited by MikeyTexas, 16 September 2012 - 10:58 AM.


#18
Nedklaw

Hi. :)
It's likely that the ZeroAccess rootkit has deleted some services that you need for networking.
You will need a USB drive to transfer fixes, tools and logs from the different computers.


Step 1

  • Quit all programs.
  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

Step 2

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File:: 
C:\Users\Michael Grantham\AppData\Local\86f34ad2
C:\Users\Michael Grantham\AppData\Local\dfdd6662
 
Folder:: 
C:\$recycle.bin\S-1-5-18\$bcfabcca2de192d7f547a6ce909f1da1
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 3

Please download Farbar Service Scanner and transfer it to the computer with the internet issue. Double click the file to run it.

  • Tick "All" of the options.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • All RKreport.txt files
  • ComboFix.txt
  • FSS.txt


#19
MikeyTexas

Hi there - Here are the reports...

Rogue Killer

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Michael Grantham [Admin rights]
Mode : Scan -- Date : 09/17/2012 17:10:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] cc8a3e2d0a65f793501038757a2907c5
[BSP] 309f752a4e6d8a1397311c24af3cea9d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 305180 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



Rogue Killer Delete

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Michael Grantham [Admin rights]
Mode : Remove -- Date : 09/17/2012 17:11:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] cc8a3e2d0a65f793501038757a2907c5
[BSP] 309f752a4e6d8a1397311c24af3cea9d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 305180 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



ComboFix

ComboFix 12-09-15.02 - Michael Grantham 09/17/2012 17:24:27.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3316.2821 [GMT -5:00]
Running from: c:\users\Michael Grantham\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael Grantham\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Michael Grantham\AppData\Local\86f34ad2"
"c:\users\Michael Grantham\AppData\Local\dfdd6662"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michael Grantham\AppData\Local\86f34ad2
c:\users\Michael Grantham\AppData\Local\dfdd6662
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 22:34 . 2012-09-17 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 22:34 . 2012-09-17 22:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-16 02:16 . 2012-09-17 22:34 -------- d-----w- c:\users\Michael Grantham\AppData\Local\temp
2012-09-13 21:44 . 2012-09-13 21:44 -------- d-----w- c:\users\Michael Grantham\AppData\Roaming\AVG2013
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\users\Michael Grantham\AppData\Local\AVG Secure Search
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\users\Michael Grantham\AppData\Roaming\TuneUp Software
2012-09-13 21:42 . 2012-09-14 16:38 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-13 21:42 . 2012-09-13 21:42 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-09-13 21:42 . 2012-09-13 21:42 -------- d-----w- c:\program files\AVG Secure Search
2012-09-13 21:40 . 2012-09-13 21:43 -------- d-----w- c:\programdata\AVG2013
2012-09-13 21:40 . 2012-09-13 21:40 -------- d-----w- C:\$AVG
2012-09-13 21:35 . 2012-09-13 22:16 -------- d-----w- c:\users\Michael Grantham\AppData\Local\Avg2013
2012-09-13 21:35 . 2012-09-13 21:35 -------- d-----w- c:\users\Michael Grantham\AppData\Local\MFAData
2012-09-13 20:05 . 2012-09-13 20:05 -------- d-----w- C:\_OTM
2012-09-13 13:12 . 2012-09-13 18:40 -------- d-----w- c:\users\Michael Grantham\AppData\Local\adawarebp
2012-09-13 12:57 . 2012-09-13 12:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-13 00:24 . 2012-09-13 00:24 -------- d-----w- c:\users\Michael Grantham\AppData\Roaming\Malwarebytes
2012-09-13 00:24 . 2012-09-13 00:24 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 00:24 . 2012-09-13 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 15:14 . 2012-09-06 01:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-29 13:35 . 2012-08-29 14:17 -------- d-----w- c:\programdata\OfficeGuardianV2N35
2012-08-24 11:49 . 2012-08-24 11:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-24 11:48 . 2012-08-24 11:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 13:29 . 2012-03-30 11:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 13:29 . 2011-05-19 13:46 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 11:48 . 2011-02-24 00:57 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-13 21:40 . 2012-08-13 21:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 09:52 . 2012-08-10 09:52 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-10 09:52 . 2012-08-10 09:52 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-08-10 09:52 . 2012-08-10 09:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 09:52 . 2012-08-10 09:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 18:56 . 2012-08-09 18:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-09 18:56 . 2012-08-09 18:56 54112 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-08-09 18:56 . 2012-08-09 18:56 151520 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-04 14:02 . 2012-08-16 01:06 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 11:37 . 2012-08-15 21:03 916992 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 11:32 . 2012-08-15 21:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-28 11:31 . 2012-08-15 21:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-28 11:31 . 2012-08-15 21:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-06-28 11:31 . 2012-08-15 21:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-28 09:59 . 2012-08-15 21:03 385024 ----a-w- c:\windows\system32\html.iec
2012-06-28 08:19 . 2012-08-15 21:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-28 08:17 . 2012-08-15 21:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-23 10:28 . 2012-06-23 10:28 679936 ----a-w- c:\windows\system32\8-Pa9527.scr
2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-09-06 01:27 . 2011-08-06 12:28 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-13 21:42 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-13 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2009-04-11 640512]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-13 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-13 856160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-04 00:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Search.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michael Grantham^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
path=c:\users\Michael Grantham\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-17 01:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 17:58 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 18:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2010-07-07 12:20 1008128 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
2006-11-08 21:01 49152 ----a-w- c:\windows\System32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 05:08 87336 ----a-w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-17 01:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-30 17:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
dot3svc REG_MULTI_SZ dot3svc
eapsvcs REG_MULTI_SZ eaphost
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WudfServiceGroup REG_MULTI_SZ WUDFSvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-22 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2011-09-22 21:24]
.
2011-09-30 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Software\Express\express.exe [2011-09-07 16:51]
.
2012-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-30 21:47]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 17:45]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 17:45]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005Core.job
- c:\users\Michael Grantham\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 13:57]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005UA.job
- c:\users\Michael Grantham\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 13:57]
.
2011-10-06 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Software\Scribe\scribe.exe [2011-09-07 16:49]
.
2012-09-16 c:\windows\Tasks\User_Feed_Synchronization-{9632FAA5-1B46-4128-8573-82381CD86F88}.job
- c:\windows\system32\msfeedssync.exe [2012-08-15 08:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: acddirect.com\www
Trusted Zone: arise.com\ns
Trusted Zone: callswithoutwalls.com\training
Trusted Zone: callswithoutwalls.com\www
Trusted Zone: cingularuniversity.com
Trusted Zone: convergysworkathome.com\www
Trusted Zone: intuit.com
Trusted Zone: intuit.com\qtwu1.turbotaxonline
Trusted Zone: intuit.com\ttlc
Trusted Zone: penson.com
Trusted Zone: turbotax.com
Trusted Zone: virtualacd.biz\www
Trusted Zone: virtualized.biz
Trusted Zone: wireless.att.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: {34B453C6-CFE8-4806-B0F0-A0E06FFEBF5E} - hxxps://iportal.west.com/krbApplicantPCScan/WAHSystemVerification.ocx
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://camsmd.com/admin/|https://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0e19a3b4-b328-4238-90bc-32fc06eb16ce%7D&mid=2de0cffa33f947d096f3d168dde9298e-774095d7949d7ea554b5198b0b570ebab39ee07a&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-13%2016%3A42%3A31&sap=ku&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc, BRI/1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 17:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1840)
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2012-09-17 17:37:02
ComboFix-quarantined-files.txt 2012-09-17 22:37
ComboFix2.txt 2012-09-16 15:44
.
Pre-Run: 186,931,134,464 bytes free
Post-Run: 186,886,610,944 bytes free
.
- - End Of File - - 9B51EF7ACA2215D68106E543EB18F4DF



Farbar

Farbar Service Scanner Version: 06-08-2012
Ran by Michael Grantham (administrator) on 17-09-2012 at 17:50:22
Running from "C:\Users\Michael Grantham\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by MikeyTexas, 18 September 2012 - 04:19 AM.


#20
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Let's get all of the services running properly again.


Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry

  • Download ERUNT to your flash drive then the sick computer's desktop.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
  • Install ERUNT by following the prompts.
    (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later).
  • Start ERUNT.
    (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
  • Choose a location for the backup.
    (The default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked.
  • Press OK.
  • Press YES to create the folder.


Step 2

It looks like the BITS service has been set to Demand. Please set it to Automatic by doing the following:

  • Type services.msc into the search box and click OK.
  • Click on the Background Intelligent Transfer Service service.
  • Under startup type select Automatic.
  • Click Apply then OK.

Step 3

Download Windows Repair (all in one) from this site.

Install the program then let it run.



Go to Step 3 and allow it to run System File Checker.



On the Start Repairs tab click Start.



Select the following items and tick Restart System When Finished then click Start.



Step 4

  • Download and extract the following file to your flash drive and then to your sick computer's desktop: SharedAccess.reg (attached file, 338.82KB)
  • Double-click SharedAccess.reg and confirm the prompts.

Step 5

Run Farbar Service Scanner.

  • Tick "All" of the options.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 6

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • FSS.txt
  • OTL.txt


#21
MikeyTexas


    Member

  • Topic Starter
  • Member
  • 17 posts
Hi there :)

I ran all of the steps, but I still am freezing after the computer boots to the desktop and it just hangs there. After I restarted back into Safe Mode with Networking, there are still no network services.

I opened the services from start and I found that BITS is Automatic, so that's good. I also noticed: Internet Connection Svcs is Disabled, Network Connections Properties is set to Manual, Network Access Protection is Manual, Network List Svcs is Manual.

Not sure if those are the proper settings or not.

Here are the reports.


FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Michael Grantham (administrator) on 19-09-2012 at 20:44:12
Running from "C:\Users\Michael Grantham\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:22] - [2008-01-20 21:22] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



OTL

OTL logfile created on: 09/19/2012 8:52:48 PM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Michael Grantham\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.24 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 85.22% Memory free
6.67 Gb Paging File | 6.39 Gb Available in Paging File | 95.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.03 Gb Total Space | 172.62 Gb Free Space | 57.92% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.50 Gb Free Space | 93.93% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Michael Grantham | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 18:45:25 | 000,082,944 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/13 16:42:22 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/07 11:52:46 | 002,646,020 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Stopped] -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Stopped] -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe -- (CFUACProxy_officeguardianv2n35)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/07/21 20:17:20 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe -- (wgsslvpnsrc)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/12/03 19:06:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/13 16:42:27 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/08/10 04:52:38 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/08/10 04:52:36 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/08/10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/08/10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/08/09 13:56:36 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/08/09 13:56:22 | 000,151,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/09 07:27:18 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/07/21 20:17:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/22 02:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/20 21:21:33 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/03 15:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 16:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2002/06/10 14:24:22 | 000,188,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVBulk.sys -- (LVBulk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 7B 91 B3 17 EC CB 01 [binary data]
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-13 16:42:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://camsmd.com/ad.../?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.3
FF - prefs.js..extensions.enabledAddons: [email protected]:2.15
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: [email protected]:3.55
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.34
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.83
FF - prefs.js..keyword.URL: "https://isearch.avg....2:31&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/09/24 17:55:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/06/11 06:47:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@livecode.runrev.com/LiveCode Player;version=1: C:\Users\Michael Grantham\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Grantham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/13 16:42:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 18:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 10:28:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 15:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 15:20:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/09/24 18:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions
[2011/05/06 10:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/13 17:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/03/09 14:34:43 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected](184).com
[2012/09/13 16:30:09 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/07/29 08:31:28 | 000,005,582 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/06/01 07:58:03 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/09/11 06:33:21 | 000,335,583 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/05/04 13:19:53 | 000,344,888 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2011/11/14 22:43:31 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2011/01/16 11:06:42 | 000,001,832 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\searchplugins\bing.xml
[2012/09/12 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/20 15:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/20 15:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/09/13 16:42:16 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/19 20:27:43 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: acddirect.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([training] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: cingularuniversity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: convergysworkathome.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([qtwu1.turbotaxonline] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: penson.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualacd.biz ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualized.biz ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: wireless.att.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {34B453C6-CFE8-4806-B0F0-A0E06FFEBF5E} https://iportal.west...erification.ocx (WAHSystemVerification.axVerify)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238598588234 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://extranet.int...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: GCSPlayerAxCab https://gcslearn.par...PlayerAxCab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD999CEE-11E4-46A7-85EB-AC99863B35DB}: DhcpNameServer = 172.17.5.27 172.17.5.28
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 20:34:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 18:42:39 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/19 18:28:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/19 18:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/19 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/09/19 18:23:16 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\G2G 0919
[2012/09/17 17:40:47 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Michael Grantham\Desktop\FSS.exe
[2012/09/17 17:36:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/17 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\0917 Geeks to go
[2012/09/15 21:16:38 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\temp
[2012/09/15 21:05:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/15 21:05:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/15 21:05:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/15 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/15 21:03:44 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Michael Grantham\Desktop\ComboFix.exe
[2012/09/14 16:42:24 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\DG Pics
[2012/09/13 19:21:59 | 000,307,293 | ---- | C] (Farbar) -- C:\Users\Michael Grantham\Desktop\ListParts.exe
[2012/09/13 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\RK_Quarantine
[2012/09/13 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\AVG2013
[2012/09/13 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/13 16:42:54 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\AVG Secure Search
[2012/09/13 16:42:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/09/13 16:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/13 16:42:27 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/13 16:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/13 16:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/13 16:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/13 16:40:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/09/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\MFAData
[2012/09/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\Avg2013
[2012/09/13 16:35:01 | 004,411,392 | ---- | C] (AVG Technologies) -- C:\Users\Michael Grantham\Desktop\avg_free_stb_all_2013_2667_cnet.exe
[2012/09/13 15:33:16 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael Grantham\Desktop\tdsskiller.exe
[2012/09/13 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\TDSS Killer
[2012/09/13 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\GooredFix Backups
[2012/09/13 15:13:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael Grantham\Desktop\GooredFix.exe
[2012/09/13 15:05:23 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/13 15:03:29 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTM.exe
[2012/09/13 14:49:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\RegistryBackup
[2012/09/13 14:48:38 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\erunt
[2012/09/13 14:40:21 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
[2012/09/13 13:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/13 08:12:07 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\adawarebp
[2012/09/13 07:57:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/09/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\Malwarebytes
[2012/09/12 19:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 19:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/29 08:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\OfficeGuardianV2N35
[2011/07/14 03:13:57 | 000,024,576 | ---- | C] (BackWeb) -- C:\Users\Michael Grantham\AppData\Local\TempIadHide3.dll

========== Files - Modified Within 30 Days ==========

[2012/09/19 20:48:14 | 000,665,914 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/19 20:48:14 | 000,129,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/19 20:40:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/19 20:34:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/19 20:34:28 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 20:34:28 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 20:34:25 | 000,317,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/19 20:27:43 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/19 18:42:51 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/19 18:28:39 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/19 18:26:48 | 000,346,950 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\SharedAccess.reg
[2012/09/19 18:26:25 | 005,313,275 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/17 17:34:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_792
[2012/09/17 17:17:14 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Michael Grantham\Desktop\FSS.exe
[2012/09/16 16:34:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9632FAA5-1B46-4128-8573-82381CD86F88}.job
[2012/09/16 08:22:52 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005UA.job
[2012/09/16 07:44:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/15 21:03:44 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Michael Grantham\Desktop\ComboFix.exe
[2012/09/15 14:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005Core.job
[2012/09/15 13:23:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/09/15 12:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/09/14 16:45:58 | 126,310,400 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RepairDiscWindowsVista32-bit.iso
[2012/09/14 16:43:26 | 000,621,056 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\WiNToBootic.exe
[2012/09/13 19:21:59 | 000,307,293 | ---- | M] (Farbar) -- C:\Users\Michael Grantham\Desktop\ListParts.exe
[2012/09/13 17:33:32 | 001,378,816 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RogueKiller.exe
[2012/09/13 16:42:55 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/13 16:42:27 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/13 16:35:02 | 004,411,392 | ---- | M] (AVG Technologies) -- C:\Users\Michael Grantham\Desktop\avg_free_stb_all_2013_2667_cnet.exe
[2012/09/13 16:31:07 | 000,131,072 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-09-13-1.rateraide
[2012/09/13 15:33:20 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael Grantham\Desktop\tdsskiller.exe
[2012/09/13 15:20:58 | 002,193,184 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\tdsskiller.zip
[2012/09/13 15:13:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael Grantham\Desktop\GooredFix.exe
[2012/09/13 15:03:31 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTM.exe
[2012/09/13 14:58:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
[2012/09/13 13:54:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 06:37:54 | 000,000,050 | R--- | M] () -- C:\Users\Michael Grantham\Desktop\stinger092012.opt
[2012/09/12 20:17:26 | 000,001,356 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2012/09/12 08:38:13 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/09/12 08:38:13 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/09/01 20:32:09 | 000,084,452 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RaterAide.backup
[2012/08/31 17:18:45 | 000,002,093 | ---- | M] () -- C:\Users\Michael Grantham\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/29 09:17:51 | 000,000,903 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\Clickfree BackupLink.lnk

========== Files Created - No Company Name ==========

[2012/09/19 20:25:08 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/19 18:42:51 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/19 18:28:39 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/19 18:28:05 | 000,346,950 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\SharedAccess.reg
[2012/09/19 18:28:01 | 005,313,275 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/15 21:05:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/15 21:05:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/15 21:05:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/15 21:05:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/15 21:05:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/14 16:43:50 | 126,310,400 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RepairDiscWindowsVista32-bit.iso
[2012/09/14 16:43:25 | 000,621,056 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\WiNToBootic.exe
[2012/09/13 18:54:19 | 000,131,072 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-09-13-1.rateraide
[2012/09/13 17:33:31 | 001,378,816 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RogueKiller.exe
[2012/09/13 16:42:55 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/13 15:16:31 | 002,193,184 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\tdsskiller.zip
[2012/09/13 13:50:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 20:48:18 | 000,000,050 | R--- | C] () -- C:\Users\Michael Grantham\Desktop\stinger092012.opt
[2012/09/01 20:32:09 | 000,084,452 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RaterAide.backup
[2012/08/29 09:17:51 | 000,000,903 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\Clickfree BackupLink.lnk
[2012/06/28 16:53:16 | 000,000,886 | ---- | C] () -- C:\Users\Michael Grantham\.recently-used.xbel
[2012/01/20 14:34:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/01/20 14:34:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/29 12:46:53 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 08:10:23 | 000,135,702 | ---- | C] () -- C:\Windows\hpwins10.dat.osupcopy
[2011/10/04 08:09:28 | 000,136,359 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2011/10/04 08:09:28 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2011/10/04 08:08:57 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2011/09/25 08:40:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/25 08:40:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/25 08:39:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/25 08:39:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/25 06:30:06 | 000,005,632 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 19:55:16 | 000,294,912 | ---- | C] () -- C:\Windows\System32\liplW7.dll
[2011/09/24 19:55:16 | 000,290,816 | ---- | C] () -- C:\Windows\System32\liplA6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplPX.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplP6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplM6.dll
[2011/09/24 19:55:16 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lipl.dll
[2011/09/24 19:54:48 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/24 19:37:16 | 000,001,356 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2011/09/24 18:25:18 | 000,022,732 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/28 19:38:28 | 000,000,664 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2011/07/13 09:14:58 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/07/13 09:13:50 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/07/13 09:12:42 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2009/03/23 11:15:57 | 000,044,602 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Juniper Networks
[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Juniper Networks
[2011/09/24 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\acccore
[2012/07/29 07:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Ad-Aware Antivirus
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Avaya
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG10
[2012/09/13 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG2013
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG9
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CoffeeCup Software
[2011/12/23 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CvgQuickConnect
[2011/09/24 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\DassaultSystemes
[2012/06/28 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\gtk-2.0
[2012/03/10 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\ICAClient
[2012/06/28 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Image Zone Express
[2012/07/02 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Juniper Networks
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\OpenOffice.org
[2011/09/24 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\PCDr
[2011/09/24 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Printer Info Cache
[2011/10/05 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Recordpad
[2011/10/12 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\RightNow_Technologies
[2012/05/07 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\SecondLife
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Template
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Thunderbird
[2012/09/13 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/05/23 05:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Utherverse
[2012/08/05 15:10:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\uTorrent
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VirtualStore
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VS Media Inc
[2011/10/12 08:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\WatchGuard
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\webex
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Desktop Search
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Search
[2011/09/22 16:47:32 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\debutShakeIcon.job
[2011/09/30 12:46:00 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\expressShakeIcon.job
[2008/01/20 21:54:58 | 000,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/06 12:47:00 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\scribeShakeIcon.job
[2012/09/16 16:34:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9632FAA5-1B46-4128-8573-82381CD86F88}.job

========== Purity Check ==========



< End of report >

Edited by MikeyTexas, 20 September 2012 - 08:15 AM.


#22
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
The services showing in FSS still aren't running so I'm going to replace their registry keys and see if this resolves the problem.


Step 1

  • Download and extract the following folder to your flash drive and then to your sick computer's desktop: services.zip (attached file, 7KB)
  • Double-click all 6 registry files and confirm the prompts.
  • Reboot your computer.

Step 2

Run Farbar Service Scanner.

  • Tick "All" of the options.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • FSS.txt


#23
MikeyTexas


    Member

  • Topic Starter
  • 17 posts
Hi there -

I did the 6 registry files and restarted, but it is the same. I am still freezing on the desktop in regular boot, and when I boot in Safe Mode with Networking, I do still get all the same Unidentified Network, and no audio services etc.

Is it because I am in Safe Mode? When I ran the Windows Repair there was a message that some services would not work in Safe Mode.

Thank you and here is the text.



Farbar Service Scanner Version: 06-08-2012
Ran by Michael Grantham (administrator) on 23-09-2012 at 11:59:20
Running from "C:\Users\Michael Grantham\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:22] - [2008-01-20 21:22] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by MikeyTexas, 24 September 2012 - 08:18 AM.


#24
MikeyTexas


    Member

  • Topic Starter
  • 17 posts
Hi there -

I have an update.

I removed my virus protection (AVG) and can now get to the desktop in Standard mode, but still no services were available. The Audio says "No Audio Device Installed". This must be all drivers that are off/missing.

I did the last two steps you gave over: running Windows Repair and restarting and then retrying to add the new registries, but it is still the same. This happened when ComboFix ran, so not sure what to do next.

I did notice the FSS report changed quite a bit, so I am including it along with the OTL report booted in standard mode.

FSS 09242012 in Standard Mode after last 2 steps

Farbar Service Scanner Version: 06-08-2012
Ran by Michael Grantham (administrator) on 24-09-2012 at 09:04:21
Running from "C:\Users\Michael Grantham\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:22] - [2008-01-20 21:22] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


OTL in Standard Mode 09242012

OTL logfile created on: 09/24/2012 9:06:14 AM - Run 4
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Michael Grantham\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.24 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 70.49% Memory free
6.69 Gb Paging File | 5.78 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.03 Gb Total Space | 169.53 Gb Free Space | 56.88% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Michael Grantham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/12 15:39:35 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/06/28 03:18:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe
PRC - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/11/11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/07/21 20:17:20 | 000,069,632 | ---- | M] () -- C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
PRC - [2009/05/21 12:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 18:45:25 | 000,082,944 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2012/05/09 05:55:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b7181bb19dd5dd74cd063f0312cdf57\System.Xml.ni.dll
MOD - [2012/05/09 05:52:55 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 05:52:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/07 11:52:46 | 002,646,020 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe -- (CFUACProxy_officeguardianv2n35)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/07/21 20:17:20 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe -- (wgsslvpnsrc)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/12/03 19:06:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/09 07:27:18 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/07/21 20:17:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/22 02:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/20 21:21:33 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/03 15:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 16:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2002/06/10 14:24:22 | 000,188,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVBulk.sys -- (LVBulk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 7B 91 B3 17 EC CB 01 [binary data]
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-13 16:42:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://camsmd.com/ad.../?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.3
FF - prefs.js..extensions.enabledAddons: [email protected]:2.15
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: [email protected]:3.55
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.83
FF - prefs.js..keyword.URL: "https://isearch.avg....2:31&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/09/24 17:55:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/06/11 06:47:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@livecode.runrev.com/LiveCode Player;version=1: C:\Users\Michael Grantham\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Grantham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 18:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 10:28:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 15:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 15:20:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/09/24 18:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions
[2011/05/06 10:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/13 17:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/03/09 14:34:43 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected](184).com
[2012/09/13 16:30:09 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/07/29 08:31:28 | 000,005,582 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/06/01 07:58:03 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/09/11 06:33:21 | 000,335,583 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/05/04 13:19:53 | 000,344,888 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2011/11/14 22:43:31 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2011/01/16 11:06:42 | 000,001,832 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\searchplugins\bing.xml
[2012/09/12 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/20 15:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/20 15:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/09/13 16:42:16 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/23 15:43:17 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: acddirect.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([training] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: cingularuniversity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: convergysworkathome.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([qtwu1.turbotaxonline] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: penson.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualacd.biz ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualized.biz ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: wireless.att.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {34B453C6-CFE8-4806-B0F0-A0E06FFEBF5E} https://iportal.west...erification.ocx (WAHSystemVerification.axVerify)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238598588234 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://extranet.int...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: GCSPlayerAxCab https://gcslearn.par...PlayerAxCab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD999CEE-11E4-46A7-85EB-AC99863B35DB}: DhcpNameServer = 172.17.5.27 172.17.5.28
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 15:52:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/23 14:06:21 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/23 13:43:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/19 20:34:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 18:42:39 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/19 18:28:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/19 18:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/19 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/09/19 18:23:16 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\G2G 0919
[2012/09/17 17:40:47 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Michael Grantham\Desktop\FSS.exe
[2012/09/17 17:36:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/17 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\0917 Geeks to go
[2012/09/15 21:16:38 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\temp
[2012/09/15 21:05:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/15 21:05:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/15 21:05:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/15 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/15 21:03:44 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Michael Grantham\Desktop\ComboFix.exe
[2012/09/14 16:42:24 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\DG Pics
[2012/09/13 19:21:59 | 000,307,293 | ---- | C] (Farbar) -- C:\Users\Michael Grantham\Desktop\ListParts.exe
[2012/09/13 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\RK_Quarantine
[2012/09/13 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\AVG2013
[2012/09/13 16:42:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/09/13 16:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\MFAData
[2012/09/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\Avg2013
[2012/09/13 16:35:01 | 004,411,392 | ---- | C] (AVG Technologies) -- C:\Users\Michael Grantham\Desktop\avg_free_stb_all_2013_2667_cnet.exe
[2012/09/13 15:33:16 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael Grantham\Desktop\tdsskiller.exe
[2012/09/13 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\TDSS Killer
[2012/09/13 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\GooredFix Backups
[2012/09/13 15:13:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael Grantham\Desktop\GooredFix.exe
[2012/09/13 15:05:23 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/13 15:03:29 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTM.exe
[2012/09/13 14:49:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\RegistryBackup
[2012/09/13 14:48:38 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\erunt
[2012/09/13 14:40:21 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
[2012/09/13 13:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/13 08:12:07 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\adawarebp
[2012/09/13 07:57:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/09/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\Malwarebytes
[2012/09/12 19:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 19:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/29 08:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\OfficeGuardianV2N35
[2011/07/14 03:13:57 | 000,024,576 | ---- | C] (BackWeb) -- C:\Users\Michael Grantham\AppData\Local\TempIadHide3.dll

========== Files - Modified Within 30 Days ==========

[2012/09/24 09:06:55 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{535F2173-5E31-4FE6-B82B-4066B69E2633}.job
[2012/09/24 08:44:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/24 08:28:29 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 08:28:29 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 08:19:20 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005UA.job
[2012/09/24 06:36:28 | 000,666,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/24 06:36:28 | 000,129,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/24 06:28:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/24 06:28:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/24 06:28:16 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 17:35:44 | 000,003,132 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\EventSystem.reg
[2012/09/23 17:35:08 | 000,006,288 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\BITS.reg
[2012/09/23 17:34:52 | 000,006,176 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\wuauserv.reg
[2012/09/23 17:34:32 | 000,005,256 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\wscsvc.reg
[2012/09/23 17:34:04 | 000,020,254 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\VSS.reg
[2012/09/23 17:33:40 | 000,002,066 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\SDRSVC.reg
[2012/09/23 16:05:59 | 000,317,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/23 15:53:09 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/23 15:43:17 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/23 14:35:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005Core.job
[2012/09/23 11:59:03 | 000,001,356 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2012/09/23 11:49:46 | 000,007,166 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\services.zip
[2012/09/19 20:27:43 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_482
[2012/09/19 18:42:51 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/19 18:28:39 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/19 18:26:48 | 000,346,950 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\SharedAccess.reg
[2012/09/19 18:26:25 | 005,313,275 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/17 17:34:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_792
[2012/09/17 17:17:14 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Michael Grantham\Desktop\FSS.exe
[2012/09/15 21:03:44 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Michael Grantham\Desktop\ComboFix.exe
[2012/09/15 13:23:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/09/15 12:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/09/14 16:45:58 | 126,310,400 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RepairDiscWindowsVista32-bit.iso
[2012/09/14 16:43:26 | 000,621,056 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\WiNToBootic.exe
[2012/09/13 19:21:59 | 000,307,293 | ---- | M] (Farbar) -- C:\Users\Michael Grantham\Desktop\ListParts.exe
[2012/09/13 17:33:32 | 001,378,816 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RogueKiller.exe
[2012/09/13 16:35:02 | 004,411,392 | ---- | M] (AVG Technologies) -- C:\Users\Michael Grantham\Desktop\avg_free_stb_all_2013_2667_cnet.exe
[2012/09/13 16:31:07 | 000,131,072 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-09-13-1.rateraide
[2012/09/13 15:33:20 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael Grantham\Desktop\tdsskiller.exe
[2012/09/13 15:20:58 | 002,193,184 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\tdsskiller.zip
[2012/09/13 15:13:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael Grantham\Desktop\GooredFix.exe
[2012/09/13 15:03:31 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTM.exe
[2012/09/13 14:58:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
[2012/09/13 13:54:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 06:37:54 | 000,000,050 | R--- | M] () -- C:\Users\Michael Grantham\Desktop\stinger092012.opt
[2012/09/12 08:38:13 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/09/12 08:38:13 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/09/01 20:32:09 | 000,084,452 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RaterAide.backup
[2012/08/31 17:18:45 | 000,002,093 | ---- | M] () -- C:\Users\Michael Grantham\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/29 09:17:51 | 000,000,903 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\Clickfree BackupLink.lnk

========== Files Created - No Company Name ==========

[2012/09/24 09:06:55 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{535F2173-5E31-4FE6-B82B-4066B69E2633}.job
[2012/09/23 13:45:32 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/23 11:51:06 | 000,006,288 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\BITS.reg
[2012/09/23 11:51:06 | 000,006,176 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\wuauserv.reg
[2012/09/23 11:51:06 | 000,003,132 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\EventSystem.reg
[2012/09/23 11:51:05 | 000,020,254 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\VSS.reg
[2012/09/23 11:51:05 | 000,005,256 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\wscsvc.reg
[2012/09/23 11:51:05 | 000,002,066 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\SDRSVC.reg
[2012/09/23 11:50:44 | 000,007,166 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\services.zip
[2012/09/19 20:25:08 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/19 18:42:51 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/19 18:28:39 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/19 18:28:05 | 000,346,950 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\SharedAccess.reg
[2012/09/19 18:28:01 | 005,313,275 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/15 21:05:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/15 21:05:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/15 21:05:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/15 21:05:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/15 21:05:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/14 16:43:50 | 126,310,400 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RepairDiscWindowsVista32-bit.iso
[2012/09/14 16:43:25 | 000,621,056 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\WiNToBootic.exe
[2012/09/13 18:54:19 | 000,131,072 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-09-13-1.rateraide
[2012/09/13 17:33:31 | 001,378,816 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RogueKiller.exe
[2012/09/13 15:16:31 | 002,193,184 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\tdsskiller.zip
[2012/09/13 13:50:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 20:48:18 | 000,000,050 | R--- | C] () -- C:\Users\Michael Grantham\Desktop\stinger092012.opt
[2012/09/01 20:32:09 | 000,084,452 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RaterAide.backup
[2012/08/29 09:17:51 | 000,000,903 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\Clickfree BackupLink.lnk
[2012/06/28 16:53:16 | 000,000,886 | ---- | C] () -- C:\Users\Michael Grantham\.recently-used.xbel
[2012/01/20 14:34:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/01/20 14:34:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/29 12:46:53 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 08:10:23 | 000,135,702 | ---- | C] () -- C:\Windows\hpwins10.dat.osupcopy
[2011/10/04 08:09:28 | 000,136,359 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2011/10/04 08:09:28 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2011/10/04 08:08:57 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2011/09/25 08:40:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/25 08:40:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/25 08:39:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/25 08:39:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/25 06:30:06 | 000,005,632 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 19:55:16 | 000,294,912 | ---- | C] () -- C:\Windows\System32\liplW7.dll
[2011/09/24 19:55:16 | 000,290,816 | ---- | C] () -- C:\Windows\System32\liplA6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplPX.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplP6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplM6.dll
[2011/09/24 19:55:16 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lipl.dll
[2011/09/24 19:54:48 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/24 19:37:16 | 000,001,356 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2011/09/24 18:25:18 | 000,022,732 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/28 19:38:28 | 000,000,664 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2011/07/13 09:14:58 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/07/13 09:13:50 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/07/13 09:12:42 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2009/03/23 11:15:57 | 000,044,602 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Juniper Networks
[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Juniper Networks
[2011/09/24 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\acccore
[2012/07/29 07:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Ad-Aware Antivirus
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Avaya
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG10
[2012/09/13 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG2013
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG9
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CoffeeCup Software
[2011/12/23 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CvgQuickConnect
[2011/09/24 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\DassaultSystemes
[2012/06/28 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\gtk-2.0
[2012/03/10 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\ICAClient
[2012/06/28 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Image Zone Express
[2012/07/02 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Juniper Networks
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\OpenOffice.org
[2011/09/24 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\PCDr
[2011/09/24 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Printer Info Cache
[2011/10/05 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Recordpad
[2011/10/12 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\RightNow_Technologies
[2012/05/07 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\SecondLife
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Template
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Thunderbird
[2012/09/13 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/05/23 05:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Utherverse
[2012/08/05 15:10:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\uTorrent
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VirtualStore
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VS Media Inc
[2011/10/12 08:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\WatchGuard
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\webex
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Desktop Search
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Search
[2011/09/22 16:47:32 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\debutShakeIcon.job
[2011/09/30 12:46:00 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\expressShakeIcon.job
[2008/01/20 21:54:58 | 000,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/06 12:47:00 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\scribeShakeIcon.job
[2012/09/24 09:06:55 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{535F2173-5E31-4FE6-B82B-4066B69E2633}.job

========== Purity Check ==========



< End of report >

Edited by MikeyTexas, 24 September 2012 - 09:10 AM.


#25
Nedklaw

Hi. :)
AVG and ComboFix have been known to conflict with each other. The FSS log looks fine now. These internet/network problems can be a pain to resolve so bear with me.


Step 1

Download Complete Internet Repair to your desktop.

  • Unzip all of the files to their own folder on the desktop.
  • Within the folder double click CIntRep.
  • The program will then run.
  • Tick "All" of the options.
  • Press Go.
  • Let me know if it is able to conduct the repair; there is a log at the bottom.


#26
MikeyTexas

Hi there -

I ran the Complete Internet Repair and rebooted, but the network is still not being picked up. I am including the log I found from running it, and it looks like there are modules that are not found.

MikeyTexas
./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[25/09/2012 18:57:04] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:05] TCP/IP interfaces reset successful.
[25/09/2012 18:57:05] TCP/IP v6 interfaces reset successful.
[25/09/2012 18:57:05] You may need to restart your computer for the settings to take effect.
[25/09/2012 18:57:05] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:05] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Could not reset the Winsock Catalog.
[25/09/2012 18:57:06] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:06] Windows Event Log Service Configured.
[25/09/2012 18:57:06] Starting the Windows Event Log Service.....
[25/09/2012 18:57:07] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:07] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:07] Successfully flushed DNS Resolver Cache.
[25/09/2012 18:57:07] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[25/09/2012 18:57:10] Registration of the DNS resource records has been initiated.
[25/09/2012 18:57:10] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[25/09/2012 18:57:10] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:10] Repairing Internet Explorer 8.0.6001, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:10] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[25/09/2012 18:57:10] RegSvr32.exe: 'asctrls.ocx' Specified module not found
[25/09/2012 18:57:10] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:10] RegSvr32.exe: 'cdfview.dll' Specified module not found
[25/09/2012 18:57:10] RegSvr32.exe: 'comcat.dll' registration succeeded.
[25/09/2012 18:57:10] RegSvr32.exe: 'comctl32.dll' registration succeeded.
[25/09/2012 18:57:10] RegSvr32.exe: 'corpol.dll' registration succeeded.
[25/09/2012 18:57:10] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[25/09/2012 18:57:10] RegSvr32.exe: '"C:\Program Files\Internet Explorer\custsat.dll"' Specified module not found
[25/09/2012 18:57:11] RegSvr32.exe: 'digest.dll' Specified module not found
[25/09/2012 18:57:11] RegSvr32.exe: 'dispex.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'dxtmsft.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'dxtrans.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'extmgr.dll' Specified module not found
[25/09/2012 18:57:11] RegSvr32.exe: '"C:\Program Files\Internet Explorer\hmmapi.dll"' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'hlink.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'ieaksie.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'ieapfltr.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'iedkcs32.dll' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: '"C:\Program Files\Internet Explorer\iedvtool.dll"' registration succeeded.
[25/09/2012 18:57:11] RegSvr32.exe: 'iedvtool.dll' Specified module not found
[25/09/2012 18:57:12] RegSvr32.exe: 'ieframe.dll' registration succeeded.
[25/09/2012 18:57:12] RegSvr32.exe: 'iepeers.dll' registration succeeded.
[25/09/2012 18:57:12] RegSvr32.exe: '"C:\Program Files\Internet Explorer\ieproxy.dll"' registration succeeded.
[25/09/2012 18:57:12] RegSvr32.exe: 'ieproxy.dll' Specified module not found
[25/09/2012 18:57:12] RegSvr32.exe: 'iesetup.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:12] RegSvr32.exe: 'imgutil.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:13] RegSvr32.exe: 'inetcpl.cpl' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:13] RegSvr32.exe: 'inetcpl.cpl' registration succeeded.
[25/09/2012 18:57:13] RegSvr32.exe: 'initpki.dll' Specified module not found
[25/09/2012 18:57:13] RegSvr32.exe: 'inseng.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:14] RegSvr32.exe: 'jscript.dll' registration succeeded.
[25/09/2012 18:57:14] RegSvr32.exe: 'licmgr10.dll' registration succeeded.
[25/09/2012 18:57:14] RegSvr32.exe: 'mlang.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:14] RegSvr32.exe: 'mobsync.dll' Specified module not found
[25/09/2012 18:57:14] RegSvr32.exe: 'msapsspc.dll' Specified module not found
[25/09/2012 18:57:14] RegSvr32.exe: 'mscoree.dll' registration succeeded.
[25/09/2012 18:57:14] RegSvr32.exe: 'mscorier.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:14] RegSvr32.exe: 'mscories.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:15] RegSvr32.exe: 'msdbg2.dll' registration succeeded.
[25/09/2012 18:57:15] RegSvr32.exe: 'mshta.exe' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:15] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:15] RegSvr32.exe: 'mshtmled.dll' registration succeeded.
[25/09/2012 18:57:15] RegSvr32.exe: 'msident.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:16] RegSvr32.exe: 'msieftp.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:16] RegSvr32.exe: 'msnsspc.dll' Specified module not found
[25/09/2012 18:57:16] RegSvr32.exe: 'msr2c.dll' Specified module not found
[25/09/2012 18:57:16] RegSvr32.exe: 'msrating.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:16] RegSvr32.exe: 'mstime.dll' registration succeeded.
[25/09/2012 18:57:16] RegSvr32.exe: 'msxml.dll' registration succeeded.
[25/09/2012 18:57:16] RegSvr32.exe: 'ole32.dll' registration succeeded.
[25/09/2012 18:57:16] RegSvr32.exe: 'oleacc.dll' registration succeeded.
[25/09/2012 18:57:17] RegSvr32.exe: 'occache.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:17] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[25/09/2012 18:57:17] RegSvr32.exe: '"C:\Program Files\Internet Explorer\pdm.dll"' registration succeeded.
[25/09/2012 18:57:17] RegSvr32.exe: 'plugin.ocx' Specified module not found
[25/09/2012 18:57:17] RegSvr32.exe: 'pngfilt.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:18] RegSvr32.exe: 'proctexe.ocx' Specified module not found
[25/09/2012 18:57:18] RegSvr32.exe: 'scrobj.dll' Error number: 0x80070005
[25/09/2012 18:57:18] RegSvr32.exe: 'sendmail.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:18] RegSvr32.exe: 'setupwbv.dll' Specified module not found
[25/09/2012 18:57:18] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:18] RegSvr32.exe: 'tdc.ocx' registration succeeded.
[25/09/2012 18:57:18] RegSvr32.exe: 'url.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:18] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[25/09/2012 18:57:18] RegSvr32.exe: 'urlmon.dll,NI,HKLM' Specified module not found
[25/09/2012 18:57:18] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[25/09/2012 18:57:18] RegSvr32.exe: '"C:\Program Files\microsoft shared\vgx\vgx.dll"' Specified module not found
[25/09/2012 18:57:19] RegSvr32.exe: 'webcheck.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:19] Finished repairing Internet Explorer 8.0.6001

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:19] Repairing Windows Update / Automatic Updates, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:19] Stopping the BITS Service.....
[25/09/2012 18:57:19] BITS Stopped Successfully.
[25/09/2012 18:57:19] Stopping the Automatic Updates (wuauserv) Service.....
[25/09/2012 18:57:19] Automatic Updates (wuauserv) Service Stopped Successfully.
[25/09/2012 18:57:19] Clearing File Stores (Update History).....
[25/09/2012 18:57:19] Clearing [C:\Windows\SoftwareDistribution\Download].....
[25/09/2012 18:57:19] [C:\Windows\SoftwareDistribution\Download] Cleared.
[25/09/2012 18:57:19] Clearing [C:\Windows\SoftwareDistribution\DataStore].....
[25/09/2012 18:57:20] [C:\Windows\SoftwareDistribution\DataStore] Cleared.
[25/09/2012 18:57:20] Clearing [C:\Windows\system32\CatRoot2].....
[25/09/2012 18:57:21] [C:\Windows\system32\CatRoot2] Cleared.
[25/09/2012 18:57:21] Setting BITS Security Descriptor.....
[25/09/2012 18:57:22] BITS Security Descriptor Set.
[25/09/2012 18:57:22] Setting Automatic Updates (wuauserv) Service Security Descriptor.....
[25/09/2012 18:57:23] Automatic Updates (wuauserv) Security Descriptor Set.
[25/09/2012 18:57:23] Configuring the Automatic Updates (wuauserv) Service.....
[25/09/2012 18:57:23] Automatic Updates (wuauserv) Service Configured.
[25/09/2012 18:57:23] Configuring BITS.....
[25/09/2012 18:57:23] BITS Configured.
[25/09/2012 18:57:23] Registering WUAU DLLs.....
[25/09/2012 18:57:24] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'atl.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:24] RegSvr32.exe: 'corpol.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'dispex.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'initpki.dll' Specified module not found
[25/09/2012 18:57:24] RegSvr32.exe: 'jscript.dll' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:24] RegSvr32.exe: 'msscript.ocx' registration succeeded.
[25/09/2012 18:57:24] RegSvr32.exe: 'msxml.dll' registration succeeded.
[25/09/2012 18:57:25] RegSvr32.exe: 'msxml2.dll' registration succeeded.
[25/09/2012 18:57:25] RegSvr32.exe: 'msxml3.dll' registration succeeded.
[25/09/2012 18:57:25] RegSvr32.exe: 'msxml4.dll' registration succeeded.
[25/09/2012 18:57:25] RegSvr32.exe: 'msxml6.dll' registration succeeded.
[25/09/2012 18:57:25] RegSvr32.exe: 'muweb.dll' registration succeeded.
[25/09/2012 18:57:26] RegSvr32.exe: 'ole.dll' Specified module not found
[25/09/2012 18:57:26] RegSvr32.exe: 'ole32.dll' registration succeeded.
[25/09/2012 18:57:26] RegSvr32.exe: 'oleaut.dll' Specified module not found
[25/09/2012 18:57:26] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[25/09/2012 18:57:26] RegSvr32.exe: 'qmgr.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:26] RegSvr32.exe: 'qmgrprxy.dll' registration succeeded.
[25/09/2012 18:57:26] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[25/09/2012 18:57:26] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'sccbase.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'scrobj.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'scrrun.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 18:57:27] RegSvr32.exe: 'shell.dll' Specified module not found
[25/09/2012 18:57:27] RegSvr32.exe: 'shell32.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'slbcsp.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'softpub.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[25/09/2012 18:57:27] RegSvr32.exe: 'winhttp.dll' registration succeeded.
[25/09/2012 18:57:28] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[25/09/2012 18:57:28] RegSvr32.exe: 'wshext.dll' registration succeeded.
[25/09/2012 18:57:28] RegSvr32.exe: 'wuapi.dll' registration succeeded.
[25/09/2012 18:57:28] RegSvr32.exe: 'wuaueng.dll' Error number: 0x80070005
[25/09/2012 18:57:28] RegSvr32.exe: 'wuaueng1.dll' Specified module not found
[25/09/2012 18:57:28] RegSvr32.exe: 'wucltui.dll' Specified module not found
[25/09/2012 18:57:28] RegSvr32.exe: 'wucltux.dll' registration succeeded.
[25/09/2012 18:57:29] RegSvr32.exe: 'wups.dll' registration succeeded.
[25/09/2012 18:57:29] RegSvr32.exe: 'wups2.dll' registration succeeded.
[25/09/2012 18:57:29] RegSvr32.exe: 'wuweb.dll' Specified module not found
[25/09/2012 18:57:29] RegSvr32.exe: 'wuwebv.dll' registration succeeded.
[25/09/2012 18:57:29] WUAU DLLs Reregistered.
[25/09/2012 18:57:29] Resetting proxy settings.....
[25/09/2012 18:57:29] Proxy settings reset successfully.
[25/09/2012 18:57:29] Restarting the Automatic Updates (wuauserv) Service.....
[25/09/2012 18:57:29] Automatic Updates (wuauserv) Service Restarted.
[25/09/2012 18:57:29] Restarting the BITS Service.....
[25/09/2012 18:57:30] BITS Service Restarted.
[25/09/2012 18:57:30] Clearing the BITS queue.....
[25/09/2012 18:57:35] BITS queue cleared.
[25/09/2012 18:57:35] Initiating Windows Updates detection right away.....
[25/09/2012 18:57:35] Finished repairing Windows Update / Automatic Updates.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:35] Repairing SSL / HTTPS / Cryptography service, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:35] Configuring the Cryptographic Service.....
[25/09/2012 18:57:35] Cryptographic Service Configured.
[25/09/2012 18:57:35] Stopping the Cryptographic Service.....
[25/09/2012 18:57:35] Cryptographic service Stopped Successfully.
[25/09/2012 18:57:36] Clearing [C:\Windows\system32\CatRoot].....
[25/09/2012 18:57:36] [C:\Windows\system32\CatRoot] cleared.
[25/09/2012 18:57:36] Re-registering SSL / HTTPS / Cryptography DLLs.....
[25/09/2012 18:57:36] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'cryptext.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'cryptui.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'initpki.dll' Specified module not found
[25/09/2012 18:57:36] RegSvr32.exe: 'licdll.dll' Specified module not found
[25/09/2012 18:57:36] RegSvr32.exe: 'mssign32.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'mssip32.dll' registration succeeded.
[25/09/2012 18:57:36] RegSvr32.exe: 'regwizc.dll' Specified module not found
[25/09/2012 18:57:36] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[25/09/2012 18:57:37] RegSvr32.exe: 'scardssp.dll' Specified module not found
[25/09/2012 18:57:37] RegSvr32.exe: 'sccbase.dll' registration succeeded.
[25/09/2012 18:57:37] RegSvr32.exe: 'scecli.dll' registration succeeded.
[25/09/2012 18:57:37] RegSvr32.exe: 'slbcsp.dll' registration succeeded.
[25/09/2012 18:57:37] RegSvr32.exe: 'softpub.dll' registration succeeded.
[25/09/2012 18:57:37] RegSvr32.exe: 'winhttp.dll' registration succeeded.
[25/09/2012 18:57:37] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[25/09/2012 18:57:37] SSL / HTTPS / Cryptography DLLs re-registered.
[25/09/2012 18:57:38] Restarting the Cryptographic Service.....
[25/09/2012 18:57:39] Cryptographic Service restarted.
[25/09/2012 18:57:39] Finished repairing SSL / HTTPS / Cryptography service.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] Resetting the Windows Firewall configuraton, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] Windows Firewall configuration reset successful.
[25/09/2012 18:57:39] Finished resetting the Windows Firewall configuraton.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] Restoring the default Windows HOSTS file, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] Writing data to the HOSTS file.....
[25/09/2012 18:57:39] HOSTS file created successfully.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] Repairing Workgroup Computers view, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] Finished repairing Workgroup Computers view.

-----------------------------------------------------------------------------------------
[25/09/2012 18:57:39] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[25/09/2012 18:58:13] Your computer is restarting now.....

-----------------------------------------------------------------------------------------


./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[25/09/2012 19:07:16] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:16] TCP/IP interfaces reset successful.
[25/09/2012 19:07:17] TCP/IP v6 interfaces reset successful.
[25/09/2012 19:07:17] You may need to restart your computer for the settings to take effect.
[25/09/2012 19:07:17] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Could not reset the Winsock Catalog.
[25/09/2012 19:07:17] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:17] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:18] Windows Event Log Service Configured.
[25/09/2012 19:07:18] Starting the Windows Event Log Service.....
[25/09/2012 19:07:18] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:18] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:18] Successfully flushed DNS Resolver Cache.
[25/09/2012 19:07:18] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[25/09/2012 19:07:21] Registration of the DNS resource records has been initiated.
[25/09/2012 19:07:21] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[25/09/2012 19:07:21] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:21] Repairing Internet Explorer 8.0.6001, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:22] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: 'asctrls.ocx' Specified module not found
[25/09/2012 19:07:22] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:22] RegSvr32.exe: 'cdfview.dll' Specified module not found
[25/09/2012 19:07:22] RegSvr32.exe: 'comcat.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: 'comctl32.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: 'corpol.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: '"C:\Program Files\Internet Explorer\custsat.dll"' Specified module not found
[25/09/2012 19:07:22] RegSvr32.exe: 'digest.dll' Specified module not found
[25/09/2012 19:07:22] RegSvr32.exe: 'dispex.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: 'dxtmsft.dll' registration succeeded.
[25/09/2012 19:07:22] RegSvr32.exe: 'dxtrans.dll' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: 'extmgr.dll' Specified module not found
[25/09/2012 19:07:23] RegSvr32.exe: '"C:\Program Files\Internet Explorer\hmmapi.dll"' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: 'hlink.dll' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: 'ieaksie.dll' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: 'ieapfltr.dll' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: 'iedkcs32.dll' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: '"C:\Program Files\Internet Explorer\iedvtool.dll"' registration succeeded.
[25/09/2012 19:07:23] RegSvr32.exe: 'iedvtool.dll' Specified module not found
[25/09/2012 19:07:23] RegSvr32.exe: 'ieframe.dll' registration succeeded.
[25/09/2012 19:07:24] RegSvr32.exe: 'iepeers.dll' registration succeeded.
[25/09/2012 19:07:24] RegSvr32.exe: '"C:\Program Files\Internet Explorer\ieproxy.dll"' registration succeeded.
[25/09/2012 19:07:24] RegSvr32.exe: 'ieproxy.dll' Specified module not found
[25/09/2012 19:07:24] RegSvr32.exe: 'iesetup.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:24] RegSvr32.exe: 'imgutil.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:25] RegSvr32.exe: 'inetcpl.cpl' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:25] RegSvr32.exe: 'inetcpl.cpl' registration succeeded.
[25/09/2012 19:07:25] RegSvr32.exe: 'initpki.dll' Specified module not found
[25/09/2012 19:07:25] RegSvr32.exe: 'inseng.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:25] RegSvr32.exe: 'jscript.dll' registration succeeded.
[25/09/2012 19:07:25] RegSvr32.exe: 'licmgr10.dll' registration succeeded.
[25/09/2012 19:07:26] RegSvr32.exe: 'mlang.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:26] RegSvr32.exe: 'mobsync.dll' Specified module not found
[25/09/2012 19:07:26] RegSvr32.exe: 'msapsspc.dll' Specified module not found
[25/09/2012 19:07:26] RegSvr32.exe: 'mscoree.dll' registration succeeded.
[25/09/2012 19:07:26] RegSvr32.exe: 'mscorier.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:26] RegSvr32.exe: 'mscories.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:26] RegSvr32.exe: 'msdbg2.dll' registration succeeded.
[25/09/2012 19:07:26] RegSvr32.exe: 'mshta.exe' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:26] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:26] RegSvr32.exe: 'mshtmled.dll' registration succeeded.
[25/09/2012 19:07:27] RegSvr32.exe: 'msident.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:27] RegSvr32.exe: 'msieftp.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:27] RegSvr32.exe: 'msnsspc.dll' Specified module not found
[25/09/2012 19:07:27] RegSvr32.exe: 'msr2c.dll' Specified module not found
[25/09/2012 19:07:27] RegSvr32.exe: 'msrating.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:27] RegSvr32.exe: 'mstime.dll' registration succeeded.
[25/09/2012 19:07:27] RegSvr32.exe: 'msxml.dll' registration succeeded.
[25/09/2012 19:07:27] RegSvr32.exe: 'ole32.dll' registration succeeded.
[25/09/2012 19:07:27] RegSvr32.exe: 'oleacc.dll' registration succeeded.
[25/09/2012 19:07:27] RegSvr32.exe: 'occache.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:28] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[25/09/2012 19:07:28] RegSvr32.exe: '"C:\Program Files\Internet Explorer\pdm.dll"' registration succeeded.
[25/09/2012 19:07:28] RegSvr32.exe: 'plugin.ocx' Specified module not found
[25/09/2012 19:07:28] RegSvr32.exe: 'pngfilt.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:28] RegSvr32.exe: 'proctexe.ocx' Specified module not found
[25/09/2012 19:07:28] RegSvr32.exe: 'scrobj.dll' Error number: 0x80070005
[25/09/2012 19:07:28] RegSvr32.exe: 'sendmail.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:28] RegSvr32.exe: 'setupwbv.dll' Specified module not found
[25/09/2012 19:07:29] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:29] RegSvr32.exe: 'tdc.ocx' registration succeeded.
[25/09/2012 19:07:29] RegSvr32.exe: 'url.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:29] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[25/09/2012 19:07:29] RegSvr32.exe: 'urlmon.dll,NI,HKLM' Specified module not found
[25/09/2012 19:07:29] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[25/09/2012 19:07:29] RegSvr32.exe: '"C:\Program Files\microsoft shared\vgx\vgx.dll"' Specified module not found
[25/09/2012 19:07:29] RegSvr32.exe: 'webcheck.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:29] Finished repairing Internet Explorer 8.0.6001

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:29] Repairing Windows Update / Automatic Updates, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:29] Stopping the BITS Service.....
[25/09/2012 19:07:29] BITS Stopped Successfully.
[25/09/2012 19:07:29] Stopping the Automatic Updates (wuauserv) Service.....
[25/09/2012 19:07:30] Automatic Updates (wuauserv) Service Stopped Successfully.
[25/09/2012 19:07:30] Clearing File Stores (Update History).....
[25/09/2012 19:07:30] Clearing [C:\Windows\SoftwareDistribution\Download].....
[25/09/2012 19:07:30] [C:\Windows\SoftwareDistribution\Download] Cleared.
[25/09/2012 19:07:30] Clearing [C:\Windows\SoftwareDistribution\DataStore].....
[25/09/2012 19:07:31] Clearing [C:\Windows\system32\CatRoot2].....
[25/09/2012 19:07:32] [C:\Windows\system32\CatRoot2] Cleared.
[25/09/2012 19:07:32] Setting BITS Security Descriptor.....
[25/09/2012 19:07:33] BITS Security Descriptor Set.
[25/09/2012 19:07:33] Setting Automatic Updates (wuauserv) Service Security Descriptor.....
[25/09/2012 19:07:33] Automatic Updates (wuauserv) Security Descriptor Set.
[25/09/2012 19:07:33] Configuring the Automatic Updates (wuauserv) Service.....
[25/09/2012 19:07:34] Automatic Updates (wuauserv) Service Configured.
[25/09/2012 19:07:34] Configuring BITS.....
[25/09/2012 19:07:34] BITS Configured.
[25/09/2012 19:07:34] Registering WUAU DLLs.....
[25/09/2012 19:07:34] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[25/09/2012 19:07:34] RegSvr32.exe: 'atl.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:35] RegSvr32.exe: 'corpol.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'dispex.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'initpki.dll' Specified module not found
[25/09/2012 19:07:35] RegSvr32.exe: 'jscript.dll' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:35] RegSvr32.exe: 'msscript.ocx' registration succeeded.
[25/09/2012 19:07:35] RegSvr32.exe: 'msxml.dll' registration succeeded.
[25/09/2012 19:07:36] RegSvr32.exe: 'msxml2.dll' registration succeeded.
[25/09/2012 19:07:36] RegSvr32.exe: 'msxml3.dll' registration succeeded.
[25/09/2012 19:07:36] RegSvr32.exe: 'msxml4.dll' registration succeeded.
[25/09/2012 19:07:36] RegSvr32.exe: 'msxml6.dll' registration succeeded.
[25/09/2012 19:07:36] RegSvr32.exe: 'muweb.dll' registration succeeded.
[25/09/2012 19:07:36] RegSvr32.exe: 'ole.dll' Specified module not found
[25/09/2012 19:07:37] RegSvr32.exe: 'ole32.dll' registration succeeded.
[25/09/2012 19:07:37] RegSvr32.exe: 'oleaut.dll' Specified module not found
[25/09/2012 19:07:37] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[25/09/2012 19:07:37] RegSvr32.exe: 'qmgr.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:37] RegSvr32.exe: 'qmgrprxy.dll' registration succeeded.
[25/09/2012 19:07:38] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[25/09/2012 19:07:38] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[25/09/2012 19:07:38] RegSvr32.exe: 'sccbase.dll' registration succeeded.
[25/09/2012 19:07:38] RegSvr32.exe: 'scrobj.dll' registration succeeded.
[25/09/2012 19:07:38] RegSvr32.exe: 'scrrun.dll' registration succeeded.
[25/09/2012 19:07:38] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[25/09/2012 19:07:38] RegSvr32.exe: 'shell.dll' Specified module not found
[25/09/2012 19:07:38] RegSvr32.exe: 'shell32.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'slbcsp.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'softpub.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'winhttp.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'wshext.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'wuapi.dll' registration succeeded.
[25/09/2012 19:07:39] RegSvr32.exe: 'wuaueng.dll' Error number: 0x80070005
[25/09/2012 19:07:39] RegSvr32.exe: 'wuaueng1.dll' Specified module not found
[25/09/2012 19:07:39] RegSvr32.exe: 'wucltui.dll' Specified module not found
[25/09/2012 19:07:40] RegSvr32.exe: 'wucltux.dll' registration succeeded.
[25/09/2012 19:07:40] RegSvr32.exe: 'wups.dll' registration succeeded.
[25/09/2012 19:07:40] RegSvr32.exe: 'wups2.dll' registration succeeded.
[25/09/2012 19:07:40] RegSvr32.exe: 'wuweb.dll' Specified module not found
[25/09/2012 19:07:40] RegSvr32.exe: 'wuwebv.dll' registration succeeded.
[25/09/2012 19:07:40] WUAU DLLs Reregistered.
[25/09/2012 19:07:40] Resetting proxy settings.....
[25/09/2012 19:07:40] Proxy settings reset successfully.
[25/09/2012 19:07:40] Restarting the Automatic Updates (wuauserv) Service.....
[25/09/2012 19:07:41] Automatic Updates (wuauserv) Service Restarted.
[25/09/2012 19:07:41] Restarting the BITS Service.....
[25/09/2012 19:07:41] BITS Service Restarted.
[25/09/2012 19:07:41] Clearing the BITS queue.....
[25/09/2012 19:07:46] BITS queue cleared.
[25/09/2012 19:07:46] Initiating Windows Updates detection right away.....
[25/09/2012 19:07:47] Finished repairing Windows Update / Automatic Updates.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:47] Repairing SSL / HTTPS / Cryptography service, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:47] Configuring the Cryptographic Service.....
[25/09/2012 19:07:47] Cryptographic Service Configured.
[25/09/2012 19:07:47] Stopping the Cryptographic Service.....
[25/09/2012 19:07:47] Cryptographic service Stopped Successfully.
[25/09/2012 19:07:47] Clearing [C:\Windows\system32\CatRoot].....
[25/09/2012 19:07:47] [C:\Windows\system32\CatRoot] cleared.
[25/09/2012 19:07:47] Re-registering SSL / HTTPS / Cryptography DLLs.....
[25/09/2012 19:07:47] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'cryptext.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'cryptui.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'initpki.dll' Specified module not found
[25/09/2012 19:07:48] RegSvr32.exe: 'licdll.dll' Specified module not found
[25/09/2012 19:07:48] RegSvr32.exe: 'mssign32.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'mssip32.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'regwizc.dll' Specified module not found
[25/09/2012 19:07:48] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[25/09/2012 19:07:48] RegSvr32.exe: 'scardssp.dll' Specified module not found
[25/09/2012 19:07:48] RegSvr32.exe: 'sccbase.dll' registration succeeded.
[25/09/2012 19:07:49] RegSvr32.exe: 'scecli.dll' registration succeeded.
[25/09/2012 19:07:49] RegSvr32.exe: 'slbcsp.dll' registration succeeded.
[25/09/2012 19:07:49] RegSvr32.exe: 'softpub.dll' registration succeeded.
[25/09/2012 19:07:49] RegSvr32.exe: 'winhttp.dll' registration succeeded.
[25/09/2012 19:07:49] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[25/09/2012 19:07:49] SSL / HTTPS / Cryptography DLLs re-registered.
[25/09/2012 19:07:50] Restarting the Cryptographic Service.....
[25/09/2012 19:07:50] Cryptographic Service restarted.
[25/09/2012 19:07:50] Finished repairing SSL / HTTPS / Cryptography service.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:50] Resetting the Windows Firewall configuraton, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:50] Windows Firewall configuration reset successful.
[25/09/2012 19:07:50] Finished resetting the Windows Firewall configuraton.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:51] Restoring the default Windows HOSTS file, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:51] Writing data to the HOSTS file.....
[25/09/2012 19:07:51] HOSTS file created successfully.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:51] Repairing Workgroup Computers view, Please wait.....
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:51] Finished repairing Workgroup Computers view.

-----------------------------------------------------------------------------------------
[25/09/2012 19:07:51] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[25/09/2012 19:07:54] Your computer is restarting now.....

-----------------------------------------------------------------------------------------

#27
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Let me know if you can access the internet after running the following OTL fix.


Step 1

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    
    :Files
    ipconfig /flushdns /c
    netsh winsock reset /c
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /all /c
    
    :Commands 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt

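One way to triage the OTL fix log requested above, as an added example that is not part of the original post and not OTL's own code: it sorts the log into registry keys deleted, keys already absent, commands that reported errors, and script directives that OTL logged as missing `File\Folder` entries. The sample log is constructed from line shapes quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the line shapes of the OTL fix log quoted in
# this thread. It is not a real log.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
========== FILES ==========
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
< ipconfig /renew /c
>

Windows IP Configuration
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
An error occurred while renewing interface Local Area Connection : The support for the specified socket type does not exist in this address family.
File\Folder :Commands not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.
"""

REG_RE = re.compile(
    r"^Registry key (?P<key>.+?)\\? (?P<result>deleted successfully|not found)\.$"
)
PATH_RE = re.compile(r"^File\\Folder (?P<item>.+) not found\.$")
# A command header is "< cmd >" on one line, or "< cmd" followed by a lone ">".
CMD_RE = re.compile(r"^<\s*(?P<cmd>.+?)\s*>?$")
ERR_RE = re.compile(
    r"error occurred|could not|no operation can be performed", re.IGNORECASE
)


def is_directive(item):
    """True for script directives such as ':Commands' or '[Reboot]'."""
    return item.startswith(":") or (item.startswith("[") and item.endswith("]"))


def triage(log_text):
    """Classify the lines of an OTL fix log into actionable buckets."""
    report = {
        "deleted": [],               # registry keys the fix removed
        "absent": [],                # keys listed in the script but not present
        "missing_paths": [],         # real paths that were not found
        "misparsed_directives": [],  # directives logged as File\Folder entries
        "command_errors": {},        # command -> error lines in its output
    }
    current_cmd = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ">":
            continue
        if line.startswith("<"):
            m = CMD_RE.match(line)
            if m:
                current_cmd = m.group("cmd")
            continue
        m = REG_RE.match(line)
        if m:
            bucket = "deleted" if m.group("result").startswith("deleted") else "absent"
            report[bucket].append(m.group("key"))
            continue
        m = PATH_RE.match(line)
        if m:
            item = m.group("item")
            bucket = "misparsed_directives" if is_directive(item) else "missing_paths"
            report[bucket].append(item)
            continue
        if ERR_RE.search(line):
            owner = current_cmd or "(outside a command)"
            report["command_errors"].setdefault(owner, []).append(line)
    return report


def follow_up(report):
    """Turn the buckets into short notes worth raising in the next reply."""
    notes = []
    for directive in report["misparsed_directives"]:
        notes.append(
            f"{directive} was logged as a missing File\\Folder entry; "
            "check whether it ran"
        )
    for cmd, errors in report["command_errors"].items():
        notes.append(f"{cmd}: {len(errors)} error line(s) in its output")
    return notes


if __name__ == "__main__":
    for note in follow_up(triage(SAMPLE_LOG)):
        print(note)
```
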

#28
MikeyTexas


    Member

  • Topic Starter
  • 17 posts
Hello :)

I did the Fix and have the reports. I still have the Unidentified network and no internet. There is an odd message in the Fix report about "media disconnected", so not sure what that means. I can see that my computer is connected to the router as the light is lit in the terminal the ethernet connects to.

Thanks for your help :)


FIX


All processes killed
========== COMMANDS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c

>

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael Grantham\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Grantham\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c

>

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Michael Grantham\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Grantham\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c
>

Windows IP Configuration
No operation can be performed on Local Area Connection* 14 while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
An error occurred while releasing interface Local Area Connection : An address has not yet been associated with the network endpoint.
C:\Users\Michael Grantham\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Grantham\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c
>

Windows IP Configuration
No operation can be performed on Local Area Connection* 14 while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
An error occurred while renewing interface Local Area Connection : The support for the specified socket type does not exist in this address family.

C:\Users\Michael Grantham\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Grantham\Desktop\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Dell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-98-0C-91-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-AD-99-9C-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-0D-C0-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2921:2eb3:6b79:8a04%9(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.138.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234889627
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-10-14-0E-00-21-9B-0D-C0-7D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection*:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{44C90F80-ABBA-45E7-ADA7-34981579C325}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 10:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{803BEDED-0604-417D-B848-9279D71B5F88}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{AD999CEE-11E4-46A7-85EB-AC99863B35DB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Michael Grantham\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Grantham\Desktop\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.61.3 log created on 09302012_114814

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL SCAN

OTL logfile created on: 09/30/2012 11:55:22 AM - Run 6
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Michael Grantham\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.24 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 70.94% Memory free
6.67 Gb Paging File | 5.82 Gb Available in Paging File | 87.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.03 Gb Total Space | 168.38 Gb Free Space | 56.50% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.46 Gb Free Space | 92.86% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Michael Grantham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/12 15:39:35 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe
PRC - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010/11/11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/07/21 20:17:20 | 000,069,632 | ---- | M] () -- C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
PRC - [2009/05/21 12:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 18:45:25 | 000,082,944 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2012/05/09 05:55:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b7181bb19dd5dd74cd063f0312cdf57\System.Xml.ni.dll
MOD - [2012/05/09 05:52:55 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 05:52:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/07 11:52:46 | 002,646,020 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe -- (CFUACProxy_officeguardianv2n35)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/07/21 20:17:20 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe -- (wgsslvpnsrc)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/12/03 19:06:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/09 07:27:18 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/11/11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010/11/11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/11/11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/11/11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/11/11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/07/21 20:17:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/22 02:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/10 23:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/20 21:21:33 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/03 15:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 16:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2002/06/10 14:24:22 | 000,188,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVBulk.sys -- (LVBulk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 7B 91 B3 17 EC CB 01 [binary data]
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-13 16:42:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://camsmd.com/ad.../?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.3
FF - prefs.js..extensions.enabledAddons: [email protected]:2.15
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: [email protected]:3.55
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.83
FF - prefs.js..keyword.URL: "https://isearch.avg....2:31&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/09/24 17:55:09 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/06/11 06:47:47 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@livecode.runrev.com/LiveCode Player;version=1: C:\Users\Michael Grantham\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Grantham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/14 18:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 10:28:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 15:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/04 15:20:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/09/24 18:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions
[2011/05/06 10:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/13 17:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012/03/09 14:34:43 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected](184).com
[2012/09/13 16:30:09 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/07/29 08:31:28 | 000,005,582 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/06/01 07:58:03 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/09/11 06:33:21 | 000,335,583 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/05/04 13:19:53 | 000,344,888 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2011/11/14 22:43:31 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2011/01/16 11:06:42 | 000,001,832 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\searchplugins\bing.xml
[2012/09/12 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/20 15:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/20 15:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/09/13 16:42:16 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/25 19:07:51 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: acddirect.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([training] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: cingularuniversity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: convergysworkathome.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([qtwu1.turbotaxonline] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: penson.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualacd.biz ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualized.biz ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: wireless.att.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {34B453C6-CFE8-4806-B0F0-A0E06FFEBF5E} https://iportal.west...erification.ocx (WAHSystemVerification.axVerify)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238598588234 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://extranet.int...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: GCSPlayerAxCab https://gcslearn.par...PlayerAxCab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD999CEE-11E4-46A7-85EB-AC99863B35DB}: DhcpNameServer = 172.17.5.27 172.17.5.28
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 11:48:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/30 10:31:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/25 18:56:24 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\Complete Internet Repair
[2012/09/23 15:52:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/23 14:06:21 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/23 13:43:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/19 20:34:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 18:42:39 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/19 18:28:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/19 18:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/19 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/09/19 18:23:16 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\G2G 0919
[2012/09/17 17:40:47 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Michael Grantham\Desktop\FSS.exe
[2012/09/17 17:11:37 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\0917 Geeks to go
[2012/09/15 21:16:38 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\temp
[2012/09/15 21:05:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/15 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/15 21:03:44 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Michael Grantham\Desktop\ComboFix.exe
[2012/09/14 16:42:24 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\DG Pics
[2012/09/13 19:21:59 | 000,307,293 | ---- | C] (Farbar) -- C:\Users\Michael Grantham\Desktop\ListParts.exe
[2012/09/13 17:33:58 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\RK_Quarantine
[2012/09/13 16:44:49 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\AVG2013
[2012/09/13 16:42:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/09/13 16:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\MFAData
[2012/09/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\Avg2013
[2012/09/13 16:35:01 | 004,411,392 | ---- | C] (AVG Technologies) -- C:\Users\Michael Grantham\Desktop\avg_free_stb_all_2013_2667_cnet.exe
[2012/09/13 15:33:16 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael Grantham\Desktop\tdsskiller.exe
[2012/09/13 15:23:11 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\TDSS Killer
[2012/09/13 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\GooredFix Backups
[2012/09/13 15:13:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Michael Grantham\Desktop\GooredFix.exe
[2012/09/13 15:05:23 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/13 15:03:29 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTM.exe
[2012/09/13 14:49:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\RegistryBackup
[2012/09/13 14:48:38 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\erunt
[2012/09/13 14:40:21 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
[2012/09/13 13:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/13 08:12:07 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\adawarebp
[2012/09/13 07:57:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/09/12 19:24:34 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Roaming\Malwarebytes
[2012/09/12 19:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/12 19:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 03:13:57 | 000,024,576 | ---- | C] (BackWeb) -- C:\Users\Michael Grantham\AppData\Local\TempIadHide3.dll

========== Files - Modified Within 30 Days ==========

[2012/09/30 11:57:44 | 000,666,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/30 11:57:43 | 000,129,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/30 11:49:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 11:49:36 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 11:49:36 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 11:49:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 11:49:30 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/30 11:44:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/30 11:19:20 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005UA.job
[2012/09/30 10:36:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A2EB84AC-F0D6-4C6D-AC7A-CCE5C4C202C4}.job
[2012/09/27 08:38:49 | 000,051,266 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\TTbookmark09272012.htm
[2012/09/25 19:07:51 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/25 18:54:48 | 000,650,870 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\complete-int-repair.exe
[2012/09/24 14:19:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005Core.job
[2012/09/24 12:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/09/23 17:35:44 | 000,003,132 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\EventSystem.reg
[2012/09/23 17:35:08 | 000,006,288 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\BITS.reg
[2012/09/23 17:34:52 | 000,006,176 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\wuauserv.reg
[2012/09/23 17:34:32 | 000,005,256 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\wscsvc.reg
[2012/09/23 17:34:04 | 000,020,254 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\VSS.reg
[2012/09/23 17:33:40 | 000,002,066 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\SDRSVC.reg
[2012/09/23 16:05:59 | 000,317,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/23 15:53:09 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/23 15:43:17 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/09/23 11:59:03 | 000,001,356 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2012/09/23 11:49:46 | 000,007,166 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\services.zip
[2012/09/19 20:27:43 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_482
[2012/09/19 18:42:51 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/19 18:28:39 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/19 18:26:48 | 000,346,950 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\SharedAccess.reg
[2012/09/19 18:26:25 | 005,313,275 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/17 17:34:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_792
[2012/09/17 17:17:14 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Michael Grantham\Desktop\FSS.exe
[2012/09/15 21:03:44 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Michael Grantham\Desktop\ComboFix.exe
[2012/09/15 13:23:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/09/14 16:45:58 | 126,310,400 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RepairDiscWindowsVista32-bit.iso
[2012/09/14 16:43:26 | 000,621,056 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\WiNToBootic.exe
[2012/09/13 19:21:59 | 000,307,293 | ---- | M] (Farbar) -- C:\Users\Michael Grantham\Desktop\ListParts.exe
[2012/09/13 17:33:32 | 001,378,816 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RogueKiller.exe
[2012/09/13 16:35:02 | 004,411,392 | ---- | M] (AVG Technologies) -- C:\Users\Michael Grantham\Desktop\avg_free_stb_all_2013_2667_cnet.exe
[2012/09/13 16:31:07 | 000,131,072 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-09-13-1.rateraide
[2012/09/13 15:33:20 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael Grantham\Desktop\tdsskiller.exe
[2012/09/13 15:20:58 | 002,193,184 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\tdsskiller.zip
[2012/09/13 15:13:30 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Michael Grantham\Desktop\GooredFix.exe
[2012/09/13 15:03:31 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTM.exe
[2012/09/13 14:58:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
[2012/09/13 13:54:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/13 06:37:54 | 000,000,050 | R--- | M] () -- C:\Users\Michael Grantham\Desktop\stinger092012.opt
[2012/09/12 08:38:13 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/09/12 08:38:13 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/09/01 20:32:09 | 000,084,452 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\RaterAide.backup
[2012/08/31 17:18:45 | 000,002,093 | ---- | M] () -- C:\Users\Michael Grantham\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/09/30 10:36:00 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A2EB84AC-F0D6-4C6D-AC7A-CCE5C4C202C4}.job
[2012/09/30 08:06:53 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/27 08:38:48 | 000,051,266 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\TTbookmark09272012.htm
[2012/09/25 18:56:10 | 000,650,870 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\complete-int-repair.exe
[2012/09/23 11:51:06 | 000,006,288 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\BITS.reg
[2012/09/23 11:51:06 | 000,006,176 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\wuauserv.reg
[2012/09/23 11:51:06 | 000,003,132 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\EventSystem.reg
[2012/09/23 11:51:05 | 000,020,254 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\VSS.reg
[2012/09/23 11:51:05 | 000,005,256 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\wscsvc.reg
[2012/09/23 11:51:05 | 000,002,066 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\SDRSVC.reg
[2012/09/23 11:50:44 | 000,007,166 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\services.zip
[2012/09/19 20:25:08 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/19 18:42:51 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/19 18:28:39 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/19 18:28:05 | 000,346,950 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\SharedAccess.reg
[2012/09/19 18:28:01 | 005,313,275 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/14 16:43:50 | 126,310,400 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RepairDiscWindowsVista32-bit.iso
[2012/09/14 16:43:25 | 000,621,056 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\WiNToBootic.exe
[2012/09/13 18:54:19 | 000,131,072 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-09-13-1.rateraide
[2012/09/13 17:33:31 | 001,378,816 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RogueKiller.exe
[2012/09/13 15:16:31 | 002,193,184 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\tdsskiller.zip
[2012/09/13 13:50:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/12 20:48:18 | 000,000,050 | R--- | C] () -- C:\Users\Michael Grantham\Desktop\stinger092012.opt
[2012/09/01 20:32:09 | 000,084,452 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\RaterAide.backup
[2012/06/28 16:53:16 | 000,000,886 | ---- | C] () -- C:\Users\Michael Grantham\.recently-used.xbel
[2012/01/20 14:34:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/01/20 14:34:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/29 12:46:53 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 08:10:23 | 000,135,702 | ---- | C] () -- C:\Windows\hpwins10.dat.osupcopy
[2011/10/04 08:09:28 | 000,136,359 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2011/10/04 08:09:28 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2011/10/04 08:08:57 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2011/09/25 08:40:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/25 08:40:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/25 08:39:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/25 08:39:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/25 06:30:06 | 000,005,632 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 19:55:16 | 000,294,912 | ---- | C] () -- C:\Windows\System32\liplW7.dll
[2011/09/24 19:55:16 | 000,290,816 | ---- | C] () -- C:\Windows\System32\liplA6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplPX.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplP6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplM6.dll
[2011/09/24 19:55:16 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lipl.dll
[2011/09/24 19:54:48 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/24 19:37:16 | 000,001,356 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2011/09/24 18:25:18 | 000,022,732 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/28 19:38:28 | 000,000,664 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2011/07/13 09:14:58 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/07/13 09:13:50 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/07/13 09:12:42 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2009/03/23 11:15:57 | 000,044,602 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Juniper Networks
[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Juniper Networks
[2011/09/24 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\acccore
[2012/07/29 07:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Ad-Aware Antivirus
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Avaya
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG10
[2012/09/13 16:44:49 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG2013
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG9
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CoffeeCup Software
[2011/12/23 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CvgQuickConnect
[2011/09/24 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\DassaultSystemes
[2012/06/28 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\gtk-2.0
[2012/03/10 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\ICAClient
[2012/06/28 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Image Zone Express
[2012/07/02 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Juniper Networks
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\OpenOffice.org
[2011/09/24 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\PCDr
[2011/09/24 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Printer Info Cache
[2011/10/05 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Recordpad
[2011/10/12 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\RightNow_Technologies
[2012/05/07 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\SecondLife
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Template
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Thunderbird
[2012/09/13 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/05/23 05:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Utherverse
[2012/08/05 15:10:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\uTorrent
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VirtualStore
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VS Media Inc
[2011/10/12 08:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\WatchGuard
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\webex
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Desktop Search
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Search
[2011/09/22 16:47:32 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\debutShakeIcon.job
[2011/09/30 12:46:00 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\expressShakeIcon.job
[2008/01/20 21:54:58 | 000,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/06 12:47:00 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\scribeShakeIcon.job
[2012/09/30 10:36:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A2EB84AC-F0D6-4C6D-AC7A-CCE5C4C202C4}.job

========== Purity Check ==========



< End of report >

#29
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
If Step 1 fixes the internet issue then you don't have to proceed with steps 2-4.


Step 1

Unplug the cables connected to your router and then re-plug them back into your router.


Step 2

I would like you to check out the AFD service for me.

  • Go to Device Manager by typing Device Manager into the Search box.
  • Under View select Show hidden devices.
  • Click Non-Plug and Play Drivers.
  • Right click Ancillary Function Device Driver for Winsock.
  • Select Properties.
  • Select the Driver tab.
  • Is the driver started?
  • If not then select Start.

Step 3

Please tell me the name of your computer model and its number.


Step 4

  • Click Start.
  • Type Device Manager into the Search box and click on the program.
  • Click on the arrow next to Network Adapters.
  • Tell me the exact names of all of the drivers that are listed in your next reply.


#30
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





