
persistent browser redirects, looks like TopArcadeHits - need help rem


  • This topic is locked

#1
Robin_DUDE_notChick

(Side note: I like the way that your text editor facilitates the text markup for non-techies.)

I'm having persistent problems with redirects when using Firefox 22 in WinXP SP-3 on a custom-built machine. The malware seems to locate the clickable buttons on a website and overlay them with a transparent hotspot to the redirected URL. I have not been able to eliminate the problem and would greatly appreciate your guidance. (Thanks in advance.) Here's the detailed info:

How the Infection Was Acquired
I went to apple.com to download iTunes for my PC. Everything seemed "normal" until I clicked the Download button on the iTunes page (http://www.apple.com/itunes/download/). It opened a new tab (unnoticed) and I just opened History to copy the URL (it was there last night), but the entire history from the time of clicking the download button at iTunes until the time when I ran the "Uninstall Top Arcade Hits" has been removed. So, it looks to me as if the "uninstaller" just erases the ability to trace what websites were involved in the infection by removing them from the browser history. After clicking the Download button had taken me to that fake URL, I couldn't get iTunes to download at all, so I opened Chrome and IE and downloaded iTunes from the same page (http://www.apple.com/itunes/download/) without any problem. So, maybe this is coming in through a hole in Firefox 22, since it's not running in IE or Chrome.

Steps Taken before Accessing GeeksToGo
  • Noticed that there was a new "program" appearing in my Start menu called Top Arcade Hits. I clicked its uninstaller, but the thing persisted. So, I went through Control Panel > Add/Remove Programs, and it spawned the same uninstaller .exe that's in the menu. It prompted reboot to complete uninstall and opened a tab in browser at www.toparcadehits.com/exitsurvey. After rebooting, it persisted in the Start Menu.
  • Made sure AVG Free is updated then ran full scan. It found a low-level warning about a broken digital signature on some file that it wouldn't clean, and I couldn't find it to uninstall it.
  • Explored the Start Menu, used Properties > Find Target to get to the TopArcadeHits folder, shift-deleted the whole folder, then went back to the shortcuts in Start Menu and shift-deleted them, too.
  • Checked Firefox Tools>Add-ons and found a listing for "TopArcadeHits 1.0" and clicked Remove. Restarted Firefox. It persisted in the Add-ons list, only now without the Remove button. So, I clicked Disable.
  • Made sure Malwarebytes is updated and ran Malwarebytes full scan. Found nothing.

OTL Log
OTL logfile created on: 6/29/2013 11:10:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rene\My Documents\Dropbox\RLS share\software\malware removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 34.98% Memory free
5.33 Gb Paging File | 3.21 Gb Available in Paging File | 60.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 208.96 Gb Free Space | 35.05% Space Free | Partition Type: NTFS

Computer Name: RAPIDO | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/29 11:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rene\My Documents\Dropbox\RLS share\software\malware removal\OTL.exe
PRC - [2013/06/28 20:52:41 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
PRC - [2013/06/28 20:52:38 | 000,017,304 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
PRC - [2013/06/28 16:56:56 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/25 12:27:22 | 000,251,144 | ---- | M] (FoodBuzz) -- C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rene\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\acrotray.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/12/06 20:00:12 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/12/06 19:59:24 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
PRC - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 07:47:18 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 07:26:18 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/08/04 15:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/07/19 09:23:08 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/01/05 10:13:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office2007\Office12\GrooveMonitor.exe
PRC - [2008/10/03 23:45:12 | 000,960,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/03 23:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/10/03 23:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/03 23:23:30 | 004,344,472 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/18 19:01:56 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/09/20 20:20:26 | 000,028,672 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe
PRC - [2007/09/20 20:20:02 | 000,507,904 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3Server.exe
PRC - [2002/12/20 15:17:00 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/28 20:52:39 | 003,522,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\mozjs.dll
MOD - [2013/06/27 10:05:31 | 000,110,920 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\Webification.DLL
MOD - [2013/06/18 16:08:18 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/06/17 12:20:16 | 016,033,160 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/16 15:27:58 | 013,345,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\dc0c74bc42bbaeffcb7158c7ed0f1653\System.Data.Entity.ni.dll
MOD - [2013/05/16 14:50:27 | 001,189,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\d710cd0ec1e8fd768d4cf8c32775a220\System.Data.OracleClient.ni.dll
MOD - [2013/05/16 14:50:18 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 14:50:16 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll
MOD - [2013/05/16 13:33:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/16 11:21:27 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/16 11:15:35 | 018,002,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/16 11:15:29 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll
MOD - [2013/05/16 11:15:16 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/16 11:15:14 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/16 11:15:04 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/16 11:15:00 | 007,069,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/16 11:14:55 | 000,749,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\aaf1949171dfbfcd4669ed8ba6cd3f10\System.Security.ni.dll
MOD - [2013/05/16 11:14:54 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/04/17 18:46:04 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/04/17 18:46:01 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll
MOD - [2013/04/17 18:45:58 | 001,925,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll
MOD - [2013/04/17 18:45:44 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013/04/17 18:45:44 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013/04/17 18:45:44 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013/04/17 18:45:08 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/04/17 18:36:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/04/17 18:36:15 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/04/17 18:35:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/04/17 18:35:50 | 001,116,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0ce6b74fddd392d58cb1b0afde82d22b\System.DirectoryServices.ni.dll
MOD - [2013/04/17 18:24:11 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/04/17 18:23:56 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/04/17 18:22:56 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/04/17 18:22:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/04/17 18:22:21 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/04/17 18:22:20 | 000,595,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/04/17 18:22:19 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll
MOD - [2013/04/17 18:21:52 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/04/17 18:21:41 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/04/17 18:21:35 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll
MOD - [2013/04/17 18:18:40 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/12/06 20:00:00 | 000,121,232 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\ReportBridge.DLL
MOD - [2012/12/06 19:59:54 | 000,138,128 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\QBMAPILibrary.dll
MOD - [2012/12/06 19:59:50 | 000,020,880 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\QBCompressor.DLL
MOD - [2012/12/06 19:59:48 | 000,070,032 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\QB2WPFBridge.dll
MOD - [2012/12/06 19:59:44 | 000,042,384 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\mbpopup.dll
MOD - [2012/12/06 19:59:42 | 000,093,072 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\IPDWidgetInterop.dll
MOD - [2012/12/06 19:59:42 | 000,082,832 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\IPDWidgetBridge.DLL
MOD - [2012/12/06 19:59:40 | 000,057,744 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\htmlhelper.dll
MOD - [2012/12/06 19:59:38 | 000,400,272 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\FeaturesBridge.DLL
MOD - [2012/12/06 19:59:30 | 000,268,688 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/12/06 19:59:30 | 000,176,528 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/12/06 19:59:28 | 000,380,304 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\BackupLib.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/08/19 21:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\zlib1.dll
MOD - [2011/01/05 10:32:21 | 000,176,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NG3MiddleTier\3.9.0.2__ad847f0ff03e5501\NG3MiddleTier.dll
MOD - [2011/01/05 10:32:21 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NG3Core\3.9.0.0__ad847f0ff03e5501\NG3Core.dll
MOD - [2011/01/05 10:32:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SCCAPIBase\3.9.0.1__ad847f0ff03e5501\SCCAPIBase.dll
MOD - [2011/01/05 10:32:19 | 001,499,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NG3Resources\1.0.0.0__ad847f0ff03e5501\NG3Resources.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\AcroTray.FRA
MOD - [2008/10/07 14:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/03 00:08:12 | 001,722,368 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007/10/26 15:28:18 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007/09/20 20:19:56 | 000,184,320 | ---- | M] () -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\SCCAPI_DLL.dll
MOD - [2007/03/13 00:34:20 | 000,162,304 | ---- | M] () -- C:\WINDOWS\system32\ztvunrar36.dll
MOD - [2005/02/18 00:15:22 | 000,077,824 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzImage10.tgp
MOD - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Services (SafeList) ==========

SRV - [2013/06/28 20:52:40 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/28 16:56:56 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/17 12:20:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/01/05 10:13:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office2007\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/03 23:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/04/14 06:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 06:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/09/20 20:20:26 | 000,028,672 | ---- | M] (Adobe Systems) [Auto | Running] -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe -- (RSO3MiddleTierService)
SRV - [2007/09/20 20:20:02 | 000,507,904 | ---- | M] (Adobe Systems) [Auto | Running] -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3Server.exe -- (RSO3Server)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/29 10:11:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/16 11:53:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011/01/12 05:42:16 | 000,013,304 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TVMonitor.sys -- (MonitorFunction)
DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/17 15:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/12/19 18:56:31 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm140.sys -- (tdrpman140)
DRV - [2008/12/19 18:56:29 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2008/12/19 18:56:29 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/19 18:56:10 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2008/07/24 19:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...38DHP&dt=062813
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BA4D49D-C129-4A6E-B3A1-318F647E1AA7}: "URL" = http://websearch.ask...9A-0D466ED892B4
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\0C74A10FCB564138AD7667DA91A08DE4: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hitachi-cta.com:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///C:/Documents%20and%20Settings/Rene/My%20Documents/Dropbox/Pat-Rene/R450%20Items/AMI%20WebHelp/Fixed_Network_Help.htm#Overview/Index.htm|http://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=3aeq3tvo4orf4|http://neptunetg.com/systems/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic%40eric.h.jung:3.1.4
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.520
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.8
FF - prefs.js..extensions.enabledAddons: tabletools2%40mingyi.org:1.17
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:7.0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: [email protected]:7.007.026.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/28 18:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/28 18:55:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2013/06/28 20:52:14 | 000,000,000 | ---D | M]

[2008/12/14 18:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Extensions
[2013/06/29 11:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions
[2013/06/29 10:17:12 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2013/06/05 12:34:40 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2011/02/10 10:10:26 | 000,000,000 | ---D | M] (Yapta) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/05/27 15:45:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/05/16 09:05:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/06/29 11:01:36 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/05/31 07:55:43 | 002,168,615 | ---- | M] () (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/06/29 10:31:20 | 000,043,476 | ---- | M] () (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/06/27 14:39:00 | 000,353,425 | ---- | M] () (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2012/05/04 08:03:15 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\searchplugins\askcom.xml
[2011/10/21 03:03:21 | 000,003,739 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\searchplugins\avg-secure-search.xml
[2013/06/24 09:37:58 | 000,002,763 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\searchplugins\web-search.xml
[2011/12/15 22:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/12 22:41:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/01 13:32:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/26 16:45:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 16:45:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.msn.com/?...38DHP&dt=062813
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TopArcadeHits = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/05/03 16:10:43 | 000,000,902 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.3.1.56 gontg
O1 - Hosts: 24.227.104.34 NTGvpn
O1 - Hosts: 10.3.1.31 edison.slbntdom.neptunetg.com
O1 - Hosts: 10.3.1.12 hanover.slbntdom.neptunetg.com
O1 - Hosts: 10.6.1.99 server2k3temp.slbntdom.neptunetg.com
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O4 - HKCU..\RunOnce: [TopArcadeHits136] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits18] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TopArcadeHits210] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\RunOnce: [TopArcadeHits409] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits475] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Start Menu\Programs\TopArcadeHits\" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits517] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Local Settings\Application Data\TopArcadeHits" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits576] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits647] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Local Settings\Application Data\TopArcadeHits" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits655] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits829] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Start Menu\Programs\TopArcadeHits\" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits87] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\RunOnce: [TopArcadeHits993] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\2013camps.xlsx.lnk = C:\Documents and Settings\Rene\My Documents\Dropbox\RLS share\E3 info\2013camps.xlsx ()
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rene\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Mozilla Firefox 4.0 Beta 7.lnk = C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\REMEMBER.txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229296709718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1366221584796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C73881A2-E7F5-4CE4-B199-307EB127FE15} http://download.huma.../hcinstall7.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} http://hanover:8080/qcbin/Spider10.cab (Loader Class v5)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{487C1C3C-57B3-4253-AF58-2E80EADB607D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rene\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rene\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/14 18:12:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/29 10:10:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/06/28 20:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7
[2013/06/28 19:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/06/28 19:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/28 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/28 19:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/28 18:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/06/28 18:59:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/06/28 18:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/28 18:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/06/28 17:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\FoodBuzz
[2013/06/28 16:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Local Settings\Application Data\TopArcadeHits
[2013/06/28 16:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Application Data\MyPhoneExplorer
[2013/06/28 16:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyPhoneExplorer
[2013/06/28 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2013/06/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Application Data\Oracle
[2013/06/25 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Local Settings\Application Data\Apple Computer
[2013/06/25 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Application Data\Apple Computer
[2013/06/25 15:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2013/06/25 15:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/25 15:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Local Settings\Application Data\Apple
[2013/06/25 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/06/25 15:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/06/24 14:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/06/24 14:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/06/17 16:47:01 | 000,000,000 | ---D | C] -- C:\EditPadLite7
[2013/06/17 10:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/06 09:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/06/05 11:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/29 10:27:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/29 10:20:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/29 10:11:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/06/28 19:03:05 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/28 18:54:16 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/28 17:27:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 16:59:17 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyPhoneExplorer.lnk
[2013/06/28 14:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/28 12:55:39 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\CorelDRAW X5.lnk
[2013/06/28 08:08:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/28 08:07:17 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/06/28 08:06:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/28 08:06:37 | 3756,511,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/27 13:52:54 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/06/27 13:52:49 | 000,553,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/27 13:52:49 | 000,107,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/25 15:40:22 | 000,092,228 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/06/25 13:14:52 | 000,092,579 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2013/06/25 11:25:43 | 002,559,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/24 14:13:47 | 000,000,620 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/06/18 13:53:01 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPadLite7.exe.lnk
[2013/06/17 14:16:20 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2013/06/17 11:44:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/17 10:50:30 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/07 14:23:55 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/06/06 09:49:16 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/05 11:52:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
[2013/05/30 23:59:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/30 23:13:50 | 000,616,015 | ---- | M] () -- C:\Documents and Settings\Rene\Desktop\slide1.jpg
[2013/05/30 22:44:55 | 001,445,728 | ---- | M] () -- C:\Documents and Settings\Rene\Desktop\seagraves70.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/28 19:03:05 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/28 18:54:16 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/28 16:59:17 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyPhoneExplorer.lnk
[2013/06/25 15:38:44 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2013/06/25 15:38:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/25 15:38:04 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/06/18 13:53:01 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPadLite7.exe.lnk
[2013/06/05 23:56:55 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Mozilla Firefox 4.0 Beta 7.lnk
[2013/06/05 11:52:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
[2013/05/30 23:13:50 | 000,616,015 | ---- | C] () -- C:\Documents and Settings\Rene\Desktop\slide1.jpg
[2013/05/30 22:44:55 | 001,445,728 | ---- | C] () -- C:\Documents and Settings\Rene\Desktop\seagraves70.jpg
[2013/01/16 14:34:51 | 003,614,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/04 17:11:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/09/12 10:02:23 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\dt.dat
[2012/09/07 15:19:27 | 000,022,690 | ---- | C] () -- C:\Documents and Settings\Rene\Application Data\Comma Separated Values (Windows).ADR
[2012/08/17 15:57:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\PUTTY.RND
[2012/07/18 16:58:35 | 000,067,473 | ---- | C] () -- C:\WINDOWS\QIF to OFX Converter Uninstaller.exe
[2012/07/17 13:31:01 | 000,918,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-1645522239-725345543-1003-0.dat
[2012/07/17 13:31:00 | 000,459,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/07 16:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2012/03/07 16:36:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2012/02/15 23:11:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 13:47:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/25 08:59:33 | 002,559,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/25 16:23:26 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 09:37:22 | 000,092,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/19 19:20:37 | 000,000,215 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2011/08/01 12:15:32 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/08/01 12:15:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/02/02 10:12:20 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Rene\g2mdlhlpx.exe
[2010/07/05 23:32:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\prvlcl.dat

========== ZeroAccess Check ==========

[2008/12/14 21:10:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/28 19:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/03/09 12:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D1C5
[2008/12/19 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/04/16 14:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/01/24 09:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/10/01 23:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/10/20 01:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/03/07 16:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/02/20 09:04:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2013/02/20 09:04:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2013/02/20 08:52:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJETV
[2013/02/20 09:03:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2013/02/20 09:57:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013/02/20 08:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2013/02/20 08:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2013/02/20 09:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2010/06/04 13:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2012/02/14 13:47:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/29 10:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/27 18:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/07/06 12:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/01/07 08:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SDL International
[2012/02/14 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/07/16 09:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/27 18:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2013/05/01 19:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/03/16 03:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Abine
[2009/04/05 13:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Acronis
[2011/09/20 09:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
[2013/05/01 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\AVG
[2012/09/29 12:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\AVG2013
[2013/02/20 09:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Canon
[2013/02/20 09:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Canon Easy-WebPrint EX
[2013/06/29 11:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Dropbox
[2011/09/01 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\ElmSoft
[2013/06/28 19:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\FileZilla
[2012/04/04 16:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\GlobalSCAPE
[2013/06/28 16:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\MyPhoneExplorer
[2011/01/05 22:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\NetLibCache
[2013/06/28 16:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Oracle
[2011/01/07 08:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\SDL International
[2011/02/09 08:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Sowedoo Software
[2012/02/08 15:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\TeamViewer
[2011/10/06 14:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Trillian
[2012/09/29 12:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\TuneUp Software
[2013/04/30 13:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Windows Search
[2011/02/02 08:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Wireshark

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\Rene\Desktop\seagraves70.jpg:com.dropbox.attributes
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4

< End of report >


#2
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Robin_DUDE_notChick

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#3
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.