
Google redirect after File Recovery trojan - have tried the How to art



#31
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
When you restore your computer to an earlier time, the malware can also be restored. Although you are experiencing no symptoms, the computer might not be clean. I want to get a fresh OTL log to verify this.


Step 1

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL.txt



#32
MikeyTexas

    Member

  • Topic Starter
  • 17 posts
Thank you for re-opening.

The only issue I have now is that I am unable to see the local network, or share files. I have internet, but cannot enable network functions for sharing. They immediately turn back off when I click on in Network & Sharing.

When I turn off my Firewall, I have sharing, but when I re-enable the firewall, I cannot activate the sharing services.

It appears my sharing Firewall settings have been wiped out in Vista, but internet is fine.

Here is the report as requested.



OTL logfile created on: 10/21/2012 4:41:05 AM - Run 3
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Michael Grantham\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

3.24 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 56.48% Memory free
6.67 Gb Paging File | 5.37 Gb Available in Paging File | 80.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.03 Gb Total Space | 163.67 Gb Free Space | 54.92% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Michael Grantham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/12 05:23:17 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/03 05:08:44 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/09/30 20:22:17 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/30 20:20:20 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/13 16:42:22 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/13 14:40:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Grantham\Desktop\OTL.exe
PRC - [2012/09/05 20:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michael Grantham\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe
PRC - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe
PRC - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/05/21 12:14:02 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/05/23 21:02:36 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\pmxmiced.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/12 05:23:16 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/03 05:08:44 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/09/13 16:42:26 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/05 20:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/30 18:45:25 | 000,082,944 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2012/05/09 05:55:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3b7181bb19dd5dd74cd063f0312cdf57\System.Xml.ni.dll
MOD - [2012/05/09 05:52:55 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/09 05:52:40 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2012/09/13 16:42:22 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/09 07:59:46 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/09/07 11:52:46 | 002,646,020 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/19 08:58:49 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N35\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2011/07/19 08:58:49 | 000,083,792 | R--- | M] (Storage Appliance Corp.) [Auto | Running] -- C:\ProgramData\OfficeGuardianV2N35\UACProxy.exe -- (CFUACProxy_officeguardianv2n35)
SRV - [2011/05/06 11:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/25 22:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/02/25 19:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/12/03 19:06:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/09/13 16:42:27 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/09 07:27:18 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/21 20:17:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/07/14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/02/22 02:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/20 21:21:33 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/03 15:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\System32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 16:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2002/06/10 14:24:22 | 000,188,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvvi500a.sys -- (LVVI500A)
DRV - [2002/06/10 14:21:02 | 000,010,254 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVBulk.sys -- (LVBulk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081204
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://camsmd.com/admin/ [binary data]
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 7B 91 B3 17 EC CB 01 [binary data]
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-13 16:42:31&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://camsmd.com/ad.../?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.9.3
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.8.5
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: [email protected]:2.17
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:3.55
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.83


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/09/30 19:52:12 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program [2012/10/14 07:29:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@livecode.runrev.com/LiveCode Player;version=1: C:\Users\Michael Grantham\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael Grantham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Grantham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/10/03 05:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/03 06:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/13 05:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/03 06:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/10/03 06:49:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/09/24 18:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions
[2011/05/06 10:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/17 16:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions
[2012/10/14 07:14:05 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/03/09 14:34:43 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected](184).com
[2012/10/20 16:38:41 | 000,000,000 | ---D | M] (Leapforce - Search Engine Evaluator Toolbar) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/10/01 20:06:24 | 000,005,781 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/06/01 07:58:03 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/10/17 16:24:10 | 000,298,318 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/10/03 05:29:01 | 000,474,990 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\[email protected]
[2012/10/01 20:06:24 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/10/01 20:07:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011/11/14 22:43:31 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2011/01/16 11:06:42 | 000,001,832 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Roaming\Mozilla\Firefox\Profiles\hpyoio3j.default\searchplugins\bing.xml
[2012/10/13 05:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/13 05:44:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/11/20 15:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/13 05:44:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/20 15:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/10/03 05:08:43 | 000,003,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: YouTube = C:\Users\Michael Grantham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michael Grantham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Michael Grantham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/01 17:23:05 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005..\Run: [Akamai NetSession Interface] C:\Users\Michael Grantham\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Michael Grantham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: acddirect.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([training] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: callswithoutwalls.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: cingularuniversity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: convergysworkathome.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([qtwu1.turbotaxonline] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: penson.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualacd.biz ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: virtualized.biz ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Domains: wireless.att.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {34B453C6-CFE8-4806-B0F0-A0E06FFEBF5E} https://iportal.west...erification.ocx (WAHSystemVerification.axVerify)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238598588234 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://extranet.int...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: GCSPlayerAxCab https://gcslearn.par...PlayerAxCab.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44C90F80-ABBA-45E7-ADA7-34981579C325}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD999CEE-11E4-46A7-85EB-AC99863B35DB}: DhcpNameServer = 172.17.5.27 172.17.5.28
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Michael Grantham\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b4686217-ee9e-11e1-b25e-00219b0dc07d}\Shell - "" = AutoRun
O33 - MountPoints2\{b4686217-ee9e-11e1-b25e-00219b0dc07d}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 07:29:46 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/10/13 05:43:21 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2012/10/04 05:10:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\AVG Secure Search
[2012/10/03 06:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/03 05:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/10/02 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\Dell-10022012-Installs
[2012/10/02 12:29:33 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\Akamai
[2012/10/02 04:55:59 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\CamsMD.com Backups
[2012/10/01 17:48:48 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/01 17:48:48 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/01 17:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/01 17:48:45 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/01 17:48:44 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/01 17:48:43 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/01 17:48:41 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/01 17:48:20 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/01 17:48:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/01 17:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/01 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/01 12:24:30 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\AppData\Local\ElevatedDiagnostics
[2012/10/01 11:38:53 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/01 11:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/10/01 10:00:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/10/01 06:19:35 | 000,000,000 | ---D | C] -- C:\Users\Michael Grantham\Desktop\Geeks2Go-Refirect-09132012
[2012/09/30 20:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/30 16:25:16 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/09/30 11:48:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/23 15:52:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/07/14 03:13:57 | 000,024,576 | ---- | C] (BackWeb) -- C:\Users\Michael Grantham\AppData\Local\TempIadHide3.dll

========== Files - Modified Within 30 Days ==========

[2012/10/21 04:43:48 | 000,666,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/21 04:43:48 | 000,129,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/21 04:38:38 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C8B0827F-0F51-4E52-A980-3D471213F2C1}.job
[2012/10/21 04:36:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 04:36:19 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 04:36:19 | 000,002,000 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 04:36:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 04:36:07 | 3478,310,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 20:29:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005UA.job
[2012/10/20 20:29:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1885834091-318630671-1701898132-1005Core.job
[2012/10/20 20:29:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 16:50:04 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-20.rateraide
[2012/10/20 13:23:06 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2012/10/20 12:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/10/19 20:45:50 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-19.rateraide
[2012/10/18 21:13:10 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-18-2.rateraide
[2012/10/18 20:07:48 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-18-1.rateraide
[2012/10/18 14:05:58 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-18.rateraide
[2012/10/17 21:27:14 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-17.rateraide
[2012/10/16 21:35:31 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-16.rateraide
[2012/10/15 23:49:27 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-15.rateraide
[2012/10/15 16:13:17 | 000,296,865 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\gomez del moral 510 202 05 hist west civ II.pdf
[2012/10/15 05:50:21 | 000,316,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/14 12:55:19 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-14-2.rateraide
[2012/10/14 12:00:55 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-14-1.rateraide
[2012/10/14 07:31:17 | 000,001,028 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/10/14 06:57:50 | 000,196,608 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-14.rateraide
[2012/10/13 16:17:53 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-13.rateraide
[2012/10/12 21:35:24 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-12-1.rateraide
[2012/10/12 09:53:13 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-12.rateraide
[2012/10/11 21:30:35 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-11-1.rateraide
[2012/10/11 19:59:30 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-11.rateraide
[2012/10/11 05:32:07 | 000,002,093 | ---- | M] () -- C:\Users\Michael Grantham\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 20:09:20 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-10-1.rateraide
[2012/10/10 10:36:36 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-10.rateraide
[2012/10/09 20:19:00 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-09.rateraide
[2012/10/08 21:00:44 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-08.rateraide
[2012/10/07 15:55:41 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-07.rateraide
[2012/10/06 17:21:49 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-06.rateraide
[2012/10/05 20:27:46 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-05.rateraide
[2012/10/04 20:43:50 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-04.rateraide
[2012/10/03 21:02:52 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-03-1.rateraide
[2012/10/03 06:12:23 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-03.rateraide
[2012/10/02 20:27:27 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-02-1.rateraide
[2012/10/02 10:28:52 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-02.rateraide
[2012/10/02 04:38:55 | 000,000,943 | ---- | M] () -- C:\Users\Michael Grantham\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/01 21:28:08 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-01-1.rateraide
[2012/10/01 19:34:34 | 000,163,840 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\2012-10-01.rateraide
[2012/10/01 19:08:28 | 000,058,974 | ---- | M] () -- C:\Users\Michael Grantham\Desktop\bookmarksToshiba10012012ff.html
[2012/10/01 17:48:41 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/01 17:32:17 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/01 17:23:05 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/01 11:37:39 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/09/30 17:21:01 | 000,000,563 | ---- | M] () -- C:\Users\Michael Grantham\Documents\feeds-IE-09302012.opml
[2012/09/23 11:59:03 | 000,001,356 | ---- | M] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2012/10/20 17:38:38 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-20.rateraide
[2012/10/19 20:49:33 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-19.rateraide
[2012/10/18 21:14:29 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-18-2.rateraide
[2012/10/18 20:37:46 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-18-1.rateraide
[2012/10/18 14:58:29 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-18.rateraide
[2012/10/17 21:28:29 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-17.rateraide
[2012/10/16 21:36:32 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-16.rateraide
[2012/10/16 13:06:34 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{C8B0827F-0F51-4E52-A980-3D471213F2C1}.job
[2012/10/15 23:50:23 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-15.rateraide
[2012/10/15 16:13:13 | 000,296,865 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\gomez del moral 510 202 05 hist west civ II.pdf
[2012/10/14 12:56:15 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-14-2.rateraide
[2012/10/14 12:02:05 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-14-1.rateraide
[2012/10/14 07:31:17 | 000,001,028 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/10/14 07:08:13 | 000,196,608 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-14.rateraide
[2012/10/13 16:19:48 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-13.rateraide
[2012/10/12 21:38:34 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-12-1.rateraide
[2012/10/12 09:57:04 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-12.rateraide
[2012/10/11 21:31:15 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-11-1.rateraide
[2012/10/11 20:09:27 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-11.rateraide
[2012/10/10 20:12:16 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-10-1.rateraide
[2012/10/10 10:47:59 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-10.rateraide
[2012/10/09 20:19:48 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-09.rateraide
[2012/10/08 21:02:03 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-08.rateraide
[2012/10/07 18:39:30 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-07.rateraide
[2012/10/06 17:22:58 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-06.rateraide
[2012/10/05 20:28:51 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-05.rateraide
[2012/10/04 20:45:40 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-04.rateraide
[2012/10/03 21:03:52 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-03-1.rateraide
[2012/10/03 06:53:18 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-03.rateraide
[2012/10/02 20:29:45 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-02-1.rateraide
[2012/10/02 12:27:47 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-02.rateraide
[2012/10/01 21:28:30 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-01-1.rateraide
[2012/10/01 20:27:20 | 000,058,974 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\bookmarksToshiba10012012ff.html
[2012/10/01 20:02:37 | 000,163,840 | ---- | C] () -- C:\Users\Michael Grantham\Desktop\2012-10-01.rateraide
[2012/10/01 11:37:39 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DELL-Microsoft®-Windows-Vista™-Ultimate-(32-bit).dat
[2012/10/01 06:01:51 | 3478,310,912 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/30 17:21:01 | 000,000,563 | ---- | C] () -- C:\Users\Michael Grantham\Documents\feeds-IE-09302012.opml
[2012/09/13 15:53:15 | 000,135,598 | ---- | C] () -- C:\Users\Michael Grantham\wnxvzarqhdvihrdemcgprfqkt.exe
[2012/09/13 07:51:08 | 000,018,798 | ---- | C] () -- C:\Users\Michael Grantham\sheeomaytnrmqrbgvugtgh.exe
[2012/06/28 16:53:16 | 000,000,886 | ---- | C] () -- C:\Users\Michael Grantham\.recently-used.xbel
[2012/01/20 14:34:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/01/20 14:34:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/29 12:46:53 | 000,000,590 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/04 08:10:23 | 000,135,702 | ---- | C] () -- C:\Windows\hpwins10.dat.osupcopy
[2011/10/04 08:09:28 | 000,136,359 | ---- | C] () -- C:\Windows\hpwins10.dat.temp
[2011/10/04 08:09:28 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat.temp
[2011/10/04 08:08:57 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2011/09/25 08:40:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/25 08:40:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/25 08:39:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/25 08:39:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/25 06:30:06 | 000,005,632 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/24 19:55:16 | 000,294,912 | ---- | C] () -- C:\Windows\System32\liplW7.dll
[2011/09/24 19:55:16 | 000,290,816 | ---- | C] () -- C:\Windows\System32\liplA6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplPX.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplP6.dll
[2011/09/24 19:55:16 | 000,278,528 | ---- | C] () -- C:\Windows\System32\liplM6.dll
[2011/09/24 19:55:16 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lipl.dll
[2011/09/24 19:54:48 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/24 19:37:16 | 000,001,356 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Local\d3d9caps.dat
[2011/09/24 18:25:18 | 000,022,732 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/28 19:38:28 | 000,000,664 | ---- | C] () -- C:\Windows\System32\d3d9caps.dat
[2011/07/13 09:14:58 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/07/13 09:13:50 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/07/13 09:12:42 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2009/03/23 11:15:57 | 000,044,602 | ---- | C] () -- C:\Users\Michael Grantham\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Juniper Networks
[2011/09/24 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Juniper Networks
[2011/09/24 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\acccore
[2012/07/29 07:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Ad-Aware Antivirus
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Avaya
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG10
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG9
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CoffeeCup Software
[2011/12/23 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\CvgQuickConnect
[2011/09/24 18:08:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\DassaultSystemes
[2012/06/28 17:40:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\gtk-2.0
[2012/03/10 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\ICAClient
[2012/06/28 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Image Zone Express
[2012/07/02 09:34:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Juniper Networks
[2011/09/24 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\OpenOffice.org
[2011/09/24 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\PCDr
[2011/09/24 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Printer Info Cache
[2011/10/05 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Recordpad
[2011/10/12 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\RightNow_Technologies
[2012/05/07 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\SecondLife
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Template
[2011/09/24 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Thunderbird
[2012/09/13 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\TuneUp Software
[2012/05/23 05:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Utherverse
[2012/10/13 05:44:20 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\uTorrent
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VirtualStore
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\VS Media Inc
[2011/10/12 08:38:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\WatchGuard
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\webex
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Desktop Search
[2011/09/24 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\Windows Search
[2011/09/22 16:47:32 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\debutShakeIcon.job
[2011/09/30 12:46:00 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\expressShakeIcon.job
[2011/09/24 15:59:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2008/01/20 21:54:58 | 000,003,456 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/06 12:47:00 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\scribeShakeIcon.job
[2011/09/24 15:52:00 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2012/10/21 04:38:38 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C8B0827F-0F51-4E52-A980-3D471213F2C1}.job
[2011/10/03 05:29:00 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\webdictateShakeIcon.job

========== Purity Check ==========



< End of report >

#33
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You are running too many antivirus programs. This is not a good idea, as it can cause problems such as slowness, conflicts, and greater vulnerability to infection.

Uninstall AVG or AVAST via:
  • Control Panel
  • Uninstall a Program

Step 2

Please uninstall the following program via Control Panel > Uninstall a Program (if present):

  • Viewpoint (Manager, Media Player, etc.)

Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product, but it is your choice.
This may change; read "Viewpoint to Plunge Into Adware".



Step 3

  • Quit all programs.
  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on ShortcutsFix.
  • The report has been created on the desktop.

Step 4

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
    O3 - HKU\S-1-5-21-1885834091-318630671-1701898132-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://javadl-esd.su...indows-i586.cab (Java Plug-in 1.5.0_10)
    [2012/09/13 15:53:15 | 000,135,598 | ---- | C] () -- C:\Users\Michael Grantham\wnxvzarqhdvihrdemcgprfqkt.exe
    [2012/09/13 07:51:08 | 000,018,798 | ---- | C] () -- C:\Users\Michael Grantham\sheeomaytnrmqrbgvugtgh.exe
    [2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG9
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 5

Run Farbar Service Scanner.

  • Tick "All" of the options.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • All RKreport.txt files
  • OTL Fix Log
  • OTL.txt
  • FSS.txt

  • 0
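Added example, not part of Nedklaw's post and not OTL's own code: a Python parser for the OTL file-listing lines seen in this thread, which flags entries shaped like the two .exe files queued in the fix script above. The flagging rule (an .exe directly in a user profile root, empty company field, long consonant run in the name) is an assumption made for illustration, and the last two sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# OTL file-listing line: [timestamp | size | attributes | C/M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

def parse_otl_line(line):
    """Return a dict for one file-listing line, or None for any other log row."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = rec["company"] or ""
    rec["path"] = PureWindowsPath(rec["path"])
    return rec

def looks_dropped(rec, min_consonant_run=5):
    """Assumed triage heuristic (not OTL's logic): an .exe sitting directly in a
    user profile root, with no company string and a long run of consonants."""
    p = rec["path"]
    in_profile_root = len(p.parts) == 4 and p.parts[1].lower() == "users"
    run = re.search(r"[b-df-hj-np-tv-z]{%d,}" % min_consonant_run, p.stem.lower())
    return (p.suffix.lower() == ".exe" and in_profile_root
            and not rec["company"] and run is not None)

def triage(log_text):
    """Return the paths of all file-listing lines that match the heuristic."""
    recs = filter(None, map(parse_otl_line, log_text.splitlines()))
    return [str(r["path"]) for r in recs if looks_dropped(r)]

# The first four lines are quoted from this thread; the last two are constructed.
SAMPLE = r"""
[2012/09/13 15:53:15 | 000,135,598 | ---- | C] () -- C:\Users\Michael Grantham\wnxvzarqhdvihrdemcgprfqkt.exe
[2012/09/13 07:51:08 | 000,018,798 | ---- | C] () -- C:\Users\Michael Grantham\sheeomaytnrmqrbgvugtgh.exe
[2011/09/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Michael Grantham\AppData\Roaming\AVG9
[2011/10/03 05:29:00 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\webdictateShakeIcon.job
[2012/08/01 10:00:00 | 001,024,000 | ---- | C] (Example Corp) -- C:\Program Files\Example\strngthchk.exe
[2012/08/01 10:05:00 | 000,204,800 | ---- | C] () -- C:\Users\ExampleUser\setup.exe
"""

if __name__ == "__main__":
    for path in triage(SAMPLE):
        print("review:", path)
```

A hit from this rule is only a candidate for manual review; a legitimate unsigned tool saved to the profile root with an odd name would match as well.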

#34
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.