I'm having persistent problems with redirects when using Firefox 22 in WinXP SP-3 on a custom-built machine. The malware seems to locate the clickable buttons on a website and overlay them with a transparent hotspot to the redirected URL. I have not been able to eliminate the problem and would greatly appreciate your guidance. (Thanks in advance.) Here's the detailed info:
How the Infection Was Acquired
I went to apple.com to download iTunes for my PC. Everything seemed "normal" until I clicked the Download button on the iTunes page (http://www.apple.com/itunes/download/). It opened a new tab (unnoticed) and I just opened History to copy the URL (it was there last night) but the entire history from the time of clicking the download button at iTunes until the time when I ran the "Uninstall Top Arcade Hits" has been removed. So, it looks to me as if the "uninstaller" just erases the ability to trace what websites were involved in the infection by removing them from the browser history. After clicking the Download button had taken me to that fake URL, I couldn't get iTunes to download at all, so I opened Chrome and IE and downloaded iTunes from the same page (http://www.apple.com/itunes/download/) without any problem. So, maybe this is coming in through a hole in Firefox 22, since it's not running in IE or Chrome.
Steps Taken before Accessing GeeksToGo
- Noticed that there was a new "program" appearing in my Start menu called Top Arcade Hits. I clicked its uninstaller, but the thing persisted. So, I went through Control Panel > Add/Remove Programs, and it spawned the same uninstaller .exe that's in the menu. It prompted reboot to complete uninstall and opened a tab in browser at www.toparcadehits.com/exitsurvey. After rebooting, it persisted in the Start Menu.
- Made sure AVG Free is updated then ran full scan. It found a low-level warning about a broken digital signature on some file that it wouldn't clean, and I couldn't find it to uninstall it.
- Explored the Start Menu, used Properties > Find Target to get to the TopArcadeHits folder, shift-deleted the whole folder, then went back to the shortcuts in Start Menu and shift-deleted them, too.
- Checked Firefox Tools>Add-ons and found a listing for "TopArcadeHits 1.0" and clicked Remove. Restarted Firefox. It persisted in the Add-ons list, only now without the Remove button. So, I clicked Disable.
- Made sure Malwarebytes is updated and ran Malwarebytes full scan. Found nothing.
OTL Log
OTL logfile created on: 6/29/2013 11:10:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Rene\My Documents\Dropbox\RLS share\software\malware removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 34.98% Memory free
5.33 Gb Paging File | 3.21 Gb Available in Paging File | 60.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 208.96 Gb Free Space | 35.05% Space Free | Partition Type: NTFS
Computer Name: RAPIDO | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/29 11:10:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rene\My Documents\Dropbox\RLS share\software\malware removal\OTL.exe
PRC - [2013/06/28 20:52:41 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
PRC - [2013/06/28 20:52:38 | 000,017,304 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
PRC - [2013/06/28 16:56:56 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/25 12:27:22 | 000,251,144 | ---- | M] (FoodBuzz) -- C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Rene\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\acrotray.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/12/06 20:00:12 | 001,176,464 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/12/06 19:59:24 | 001,181,584 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2009\QBW32.EXE
PRC - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 07:47:18 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 07:26:18 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/08/04 15:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/07/19 09:23:08 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/01/05 10:13:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office2007\Office12\GrooveMonitor.exe
PRC - [2008/10/03 23:45:12 | 000,960,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/03 23:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/10/03 23:39:54 | 000,554,264 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/10/03 23:23:30 | 004,344,472 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/18 19:01:56 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/09/20 20:20:26 | 000,028,672 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe
PRC - [2007/09/20 20:20:02 | 000,507,904 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3Server.exe
PRC - [2002/12/20 15:17:00 | 000,057,344 | ---- | M] (Thong Nguyen) -- C:\Program Files\PowerMenu\PowerMenu.exe
PRC - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
========== Modules (No Company Name) ==========
MOD - [2013/06/28 20:52:39 | 003,522,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\mozjs.dll
MOD - [2013/06/27 10:05:31 | 000,110,920 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\Webification.DLL
MOD - [2013/06/18 16:08:18 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/06/17 12:20:16 | 016,033,160 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/16 15:27:58 | 013,345,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\dc0c74bc42bbaeffcb7158c7ed0f1653\System.Data.Entity.ni.dll
MOD - [2013/05/16 14:50:27 | 001,189,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\d710cd0ec1e8fd768d4cf8c32775a220\System.Data.OracleClient.ni.dll
MOD - [2013/05/16 14:50:18 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 14:50:16 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll
MOD - [2013/05/16 13:33:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/16 11:21:27 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/16 11:15:35 | 018,002,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll
MOD - [2013/05/16 11:15:29 | 006,815,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll
MOD - [2013/05/16 11:15:16 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll
MOD - [2013/05/16 11:15:14 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll
MOD - [2013/05/16 11:15:04 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll
MOD - [2013/05/16 11:15:00 | 007,069,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll
MOD - [2013/05/16 11:14:55 | 000,749,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\aaf1949171dfbfcd4669ed8ba6cd3f10\System.Security.ni.dll
MOD - [2013/05/16 11:14:54 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/04/17 18:46:04 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013/04/17 18:46:01 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll
MOD - [2013/04/17 18:45:58 | 001,925,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll
MOD - [2013/04/17 18:45:44 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013/04/17 18:45:44 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013/04/17 18:45:44 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013/04/17 18:45:08 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/04/17 18:36:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/04/17 18:36:15 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/04/17 18:35:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/04/17 18:35:50 | 001,116,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0ce6b74fddd392d58cb1b0afde82d22b\System.DirectoryServices.ni.dll
MOD - [2013/04/17 18:24:11 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/04/17 18:23:56 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/04/17 18:22:56 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/04/17 18:22:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/04/17 18:22:21 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/04/17 18:22:20 | 000,595,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/04/17 18:22:19 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\82f376255a9523982c52cf58b13268d3\PresentationFramework.Classic.ni.dll
MOD - [2013/04/17 18:21:52 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/04/17 18:21:41 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/04/17 18:21:35 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll
MOD - [2013/04/17 18:18:40 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/12/06 20:00:00 | 000,121,232 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\ReportBridge.DLL
MOD - [2012/12/06 19:59:54 | 000,138,128 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\QBMAPILibrary.dll
MOD - [2012/12/06 19:59:50 | 000,020,880 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\QBCompressor.DLL
MOD - [2012/12/06 19:59:48 | 000,070,032 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\QB2WPFBridge.dll
MOD - [2012/12/06 19:59:44 | 000,042,384 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\mbpopup.dll
MOD - [2012/12/06 19:59:42 | 000,093,072 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\IPDWidgetInterop.dll
MOD - [2012/12/06 19:59:42 | 000,082,832 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\IPDWidgetBridge.DLL
MOD - [2012/12/06 19:59:40 | 000,057,744 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\htmlhelper.dll
MOD - [2012/12/06 19:59:38 | 000,400,272 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\FeaturesBridge.DLL
MOD - [2012/12/06 19:59:30 | 000,268,688 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/12/06 19:59:30 | 000,176,528 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/12/06 19:59:28 | 000,380,304 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\BackupLib.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/08/19 21:30:50 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2009\zlib1.dll
MOD - [2011/01/05 10:32:21 | 000,176,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NG3MiddleTier\3.9.0.2__ad847f0ff03e5501\NG3MiddleTier.dll
MOD - [2011/01/05 10:32:21 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NG3Core\3.9.0.0__ad847f0ff03e5501\NG3Core.dll
MOD - [2011/01/05 10:32:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SCCAPIBase\3.9.0.1__ad847f0ff03e5501\SCCAPIBase.dll
MOD - [2011/01/05 10:32:19 | 001,499,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NG3Resources\1.0.0.0__ad847f0ff03e5501\NG3Resources.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\AcroTray.FRA
MOD - [2008/10/07 14:33:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/03 00:08:12 | 001,722,368 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzArchive10.tgp
MOD - [2007/10/26 15:28:18 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2007/09/20 20:19:56 | 000,184,320 | ---- | M] () -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\SCCAPI_DLL.dll
MOD - [2007/03/13 00:34:20 | 000,162,304 | ---- | M] () -- C:\WINDOWS\system32\ztvunrar36.dll
MOD - [2005/02/18 00:15:22 | 000,077,824 | ---- | M] () -- C:\Program Files\TUGZip\Plugins\TzImage10.tgp
MOD - [2002/03/19 18:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
========== Services (SafeList) ==========
SRV - [2013/06/28 20:52:40 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/28 16:56:56 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/17 12:20:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/12/06 19:17:04 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/19 21:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 21:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/01/05 10:13:11 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office2007\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/03 23:39:54 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/04/14 06:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 06:41:56 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/09/20 20:20:26 | 000,028,672 | ---- | M] (Adobe Systems) [Auto | Running] -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe -- (RSO3MiddleTierService)
SRV - [2007/09/20 20:20:02 | 000,507,904 | ---- | M] (Adobe Systems) [Auto | Running] -- C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe RoboSource Control 3.1\RSO3Server.exe -- (RSO3Server)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/29 10:11:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/16 11:53:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011/01/12 05:42:16 | 000,013,304 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TVMonitor.sys -- (MonitorFunction)
DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/17 15:18:52 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/12/19 18:56:31 | 000,971,168 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm140.sys -- (tdrpman140)
DRV - [2008/12/19 18:56:29 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2008/12/19 18:56:29 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/19 18:56:10 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2008/07/24 19:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...38DHP&dt=062813
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BA4D49D-C129-4A6E-B3A1-318F647E1AA7}: "URL" = http://websearch.ask...9A-0D466ED892B4
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\0C74A10FCB564138AD7667DA91A08DE4: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hitachi-cta.com:8080
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///C:/Documents%20and%20Settings/Rene/My%20Documents/Dropbox/Pat-Rene/R450%20Items/AMI%20WebHelp/Fixed_Network_Help.htm#Overview/Index.htm|http://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=3aeq3tvo4orf4|http://neptunetg.com/systems/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic%40eric.h.jung:3.1.4
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.520
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.8
FF - prefs.js..extensions.enabledAddons: tabletools2%40mingyi.org:1.17
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:7.0.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.hitachi-cta.com"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/28 18:55:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/28 18:55:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2013/06/28 20:52:14 | 000,000,000 | ---D | M]
[2008/12/14 18:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Extensions
[2013/06/29 11:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions
[2013/06/29 10:17:12 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2013/06/05 12:34:40 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2011/02/10 10:10:26 | 000,000,000 | ---D | M] (Yapta) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/05/27 15:45:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/05/16 09:05:51 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/06/29 11:01:36 | 000,000,000 | ---D | M] ("TableTools2") -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/05/31 07:55:43 | 002,168,615 | ---- | M] () (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/06/29 10:31:20 | 000,043,476 | ---- | M] () (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2013/06/27 14:39:00 | 000,353,425 | ---- | M] () (No name found) -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\[email protected]
[2012/05/04 08:03:15 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\searchplugins\askcom.xml
[2011/10/21 03:03:21 | 000,003,739 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\searchplugins\avg-secure-search.xml
[2013/06/24 09:37:58 | 000,002,763 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\searchplugins\web-search.xml
[2011/12/15 22:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/12 22:41:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/01 13:32:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/26 16:45:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 16:45:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.msn.com/?...38DHP&dt=062813
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TopArcadeHits = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Rene\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/05/03 16:10:43 | 000,000,902 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.3.1.56 gontg
O1 - Hosts: 24.227.104.34 NTGvpn
O1 - Hosts: 10.3.1.31 edison.slbntdom.neptunetg.com
O1 - Hosts: 10.3.1.12 hanover.slbntdom.neptunetg.com
O1 - Hosts: 10.6.1.99 server2k3temp.slbntdom.neptunetg.com
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files\FoodBuzz\Extension\adxloader.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Adobe Technical Communication Suite 2\Adobe Acrobat\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [FoodBuzzUpdate] C:\Program Files\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O4 - HKCU..\RunOnce: [TopArcadeHits136] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits18] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [TopArcadeHits210] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\RunOnce: [TopArcadeHits409] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits475] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Start Menu\Programs\TopArcadeHits\" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits517] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Local Settings\Application Data\TopArcadeHits" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits576] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Firefox\Profiles\cfcdulct.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits647] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Local Settings\Application Data\TopArcadeHits" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits655] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits829] cmd.exe /c rmdir "C:\Documents and Settings\Rene\Start Menu\Programs\TopArcadeHits\" /s /q File not found
O4 - HKCU..\RunOnce: [TopArcadeHits87] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\RunOnce: [TopArcadeHits993] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\2013camps.xlsx.lnk = C:\Documents and Settings\Rene\My Documents\Dropbox\RLS share\E3 info\2013camps.xlsx ()
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Rene\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Mozilla Firefox 4.0 Beta 7.lnk = C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Documents and Settings\Rene\Start Menu\Programs\Startup\REMEMBER.txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Office2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: facebook.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range3 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range4 ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229296709718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1366221584796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {C73881A2-E7F5-4CE4-B199-307EB127FE15} http://download.huma.../hcinstall7.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} http://hanover:8080/qcbin/Spider10.cab (Loader Class v5)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{487C1C3C-57B3-4253-AF58-2E80EADB607D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Rene\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rene\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/14 18:12:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/29 10:10:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/06/28 20:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7
[2013/06/28 19:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/06/28 19:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/28 19:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/28 19:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/28 18:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/06/28 18:59:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/06/28 18:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/28 18:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/06/28 17:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\FoodBuzz
[2013/06/28 16:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Local Settings\Application Data\TopArcadeHits
[2013/06/28 16:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Application Data\MyPhoneExplorer
[2013/06/28 16:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyPhoneExplorer
[2013/06/28 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2013/06/28 16:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Application Data\Oracle
[2013/06/25 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Local Settings\Application Data\Apple Computer
[2013/06/25 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Application Data\Apple Computer
[2013/06/25 15:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2013/06/25 15:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/06/25 15:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rene\Local Settings\Application Data\Apple
[2013/06/25 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/06/25 15:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2013/06/24 14:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/06/24 14:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/06/17 16:47:01 | 000,000,000 | ---D | C] -- C:\EditPadLite7
[2013/06/17 10:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/06 09:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/06/05 11:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/29 10:27:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/29 10:20:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/29 10:11:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/06/28 19:03:05 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/28 18:54:16 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/28 17:27:03 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/28 16:59:17 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyPhoneExplorer.lnk
[2013/06/28 14:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/28 12:55:39 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\CorelDRAW X5.lnk
[2013/06/28 08:08:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/28 08:07:17 | 000,200,819 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/06/28 08:06:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/28 08:06:37 | 3756,511,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/27 13:52:54 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/06/27 13:52:49 | 000,553,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/27 13:52:49 | 000,107,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/25 15:40:22 | 000,092,228 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/06/25 13:14:52 | 000,092,579 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2013/06/25 11:25:43 | 002,559,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/24 14:13:47 | 000,000,620 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/06/18 13:53:01 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPadLite7.exe.lnk
[2013/06/17 14:16:20 | 000,002,467 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2013/06/17 11:44:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/17 10:50:30 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/07 14:23:55 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/06/06 09:49:16 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/05 11:52:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
[2013/05/30 23:59:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/30 23:13:50 | 000,616,015 | ---- | M] () -- C:\Documents and Settings\Rene\Desktop\slide1.jpg
[2013/05/30 22:44:55 | 001,445,728 | ---- | M] () -- C:\Documents and Settings\Rene\Desktop\seagraves70.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/28 19:03:05 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/28 18:54:16 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/06/28 16:59:17 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyPhoneExplorer.lnk
[2013/06/25 15:38:44 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2013/06/25 15:38:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/25 15:38:04 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/06/18 13:53:01 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\Rene\Application Data\Microsoft\Internet Explorer\Quick Launch\EditPadLite7.exe.lnk
[2013/06/05 23:56:55 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\Rene\Start Menu\Programs\Startup\Mozilla Firefox 4.0 Beta 7.lnk
[2013/06/05 11:52:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
[2013/05/30 23:13:50 | 000,616,015 | ---- | C] () -- C:\Documents and Settings\Rene\Desktop\slide1.jpg
[2013/05/30 22:44:55 | 001,445,728 | ---- | C] () -- C:\Documents and Settings\Rene\Desktop\seagraves70.jpg
[2013/01/16 14:34:51 | 003,614,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/04 17:11:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/09/12 10:02:23 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\dt.dat
[2012/09/07 15:19:27 | 000,022,690 | ---- | C] () -- C:\Documents and Settings\Rene\Application Data\Comma Separated Values (Windows).ADR
[2012/08/17 15:57:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\PUTTY.RND
[2012/07/18 16:58:35 | 000,067,473 | ---- | C] () -- C:\WINDOWS\QIF to OFX Converter Uninstaller.exe
[2012/07/17 13:31:01 | 000,918,822 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-1645522239-725345543-1003-0.dat
[2012/07/17 13:31:00 | 000,459,550 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/07 16:37:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2012/03/07 16:36:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2012/02/15 23:11:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 13:47:12 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/25 08:59:33 | 002,559,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/25 16:23:26 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/20 09:37:22 | 000,092,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/19 19:20:37 | 000,000,215 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2011/08/01 12:15:32 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/08/01 12:15:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/02/02 10:12:20 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Rene\g2mdlhlpx.exe
[2010/07/05 23:32:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rene\Local Settings\Application Data\prvlcl.dat
========== ZeroAccess Check ==========
[2008/12/14 21:10:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 21:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/06/28 19:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/03/09 12:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D1C5
[2008/12/19 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/04/16 14:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/01/24 09:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/10/01 23:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/10/20 01:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/03/07 16:35:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/02/20 09:04:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2013/02/20 09:04:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2013/02/20 08:52:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJETV
[2013/02/20 09:03:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2013/02/20 09:57:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013/02/20 08:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2013/02/20 08:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2013/02/20 09:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2010/06/04 13:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2012/02/14 13:47:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/29 10:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/27 18:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/07/06 12:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/01/07 08:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SDL International
[2012/02/14 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/07/16 09:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/27 18:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2013/05/01 19:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/03/16 03:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Abine
[2009/04/05 13:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Acronis
[2011/09/20 09:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
[2013/05/01 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\AVG
[2012/09/29 12:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\AVG2013
[2013/02/20 09:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Canon
[2013/02/20 09:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Canon Easy-WebPrint EX
[2013/06/29 11:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Dropbox
[2011/09/01 13:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\ElmSoft
[2013/06/28 19:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\FileZilla
[2012/04/04 16:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\GlobalSCAPE
[2013/06/28 16:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\MyPhoneExplorer
[2011/01/05 22:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\NetLibCache
[2013/06/28 16:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Oracle
[2011/01/07 08:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\SDL International
[2011/02/09 08:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Sowedoo Software
[2012/02/08 15:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\TeamViewer
[2011/10/06 14:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Trillian
[2012/09/29 12:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\TuneUp Software
[2013/04/30 13:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Windows Search
[2011/02/02 08:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rene\Application Data\Wireshark
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\Rene\Desktop\seagraves70.jpg:com.dropbox.attributes
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0B4227B4
< End of report >