TechSpot

Trojan Dropper:Win32 Infection

Solved
By TheDreams
Oct 26, 2013
  1. I accidently download a virus and made a post about it here I scanned my computer with Microsoft security essentials and removed some items, but it seems that some needed quarantined. So I was wondering(idk about virus's/malware etc.,) could you see if I am still infected?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.27.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Eli :: BUNDLEOFJOY [administrator]

    Protection: Enabled

    10/26/2013 22:33:47
    MBAM-log-2013-10-26 (23-12-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 403739
    Time elapsed: 33 minute(s), 49 second(s)

    Memory Processes Detected: 2
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 1096 -> No action taken.
    C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> 3792 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 114
    HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
    HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken.
    HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken.
    HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken.
    HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
    HKCR\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\Interface\{06E50566-0AB7-431C-841D-62794727DAF9} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> No action taken.
    HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> No action taken.
    HKCR\escort.escortIEPane (PUP.Optional.Delta) -> No action taken.
    HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
    HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> No action taken.
    HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
    HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> No action taken.
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> No action taken.
    HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> No action taken.
    HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> No action taken.
    HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> No action taken.
    HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> No action taken.
    HKCR\CLSID\{2A28729E-2280-4986-BDB4-EC2623EAFBA4} (PUP.FaceThemes) -> No action taken.
    HKCR\TypeLib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> No action taken.
    HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> No action taken.
    HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> No action taken.
    HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
    HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
    HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.
    HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
    HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> No action taken.
    HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps (PUP.Optional.Somoto.A) -> No action taken.
    HKCR\CLSID\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCR\CrossriderApp0004479.BHO (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\CrossriderApp0004479.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\CrossriderApp0004479.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\CrossriderApp0004479.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
    HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> No action taken.
    HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
    HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
    HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> No action taken.
    HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> No action taken.
    HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCU\SOFTWARE\DELTA\DELTA\IESTRG (PUP.Optional.Delta.A) -> No action taken.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
    HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
    HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> No action taken.
    HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> No action taken.
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> No action taken.
    HKLM\SOFTWARE\MINIBAR (PUP.Optional.MiniBar.A) -> No action taken.
    HKCR\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
    HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> No action taken.
    HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> No action taken.
    HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> No action taken.
    HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> No action taken.
    HKCR\d (PUP.Optional.Delta.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> No action taken.
    HKCR\CLSID\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
    HKCR\CLSID\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> No action taken.

    Registry Values Detected: 13
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> No action taken.
    HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> No action taken.
    HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data: -> No action taken.
    HKCU\Software\Delta\delta\iestrg|tlbrsrchurl (PUP.Optional.Delta.A) -> Data: -> No action taken.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Z1N1J -> No action taken.
    HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> No action taken.
    HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> No action taken.
    HKLM\SOFTWARE\Minibar|NoDns (PUP.Optional.MiniBar.A) -> Data: true -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 61
    C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\icons (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\minibar (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\plugins (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\minibar (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\AppData\Local\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
    C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\bh (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\getsavin\ie (PUP.Optional.Getsavin.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Eli\AppData\Roaming\OpenCandy\2C2F99FA19D944F3B8A691ACCFD60533 (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.6.9.12 (PUP.Optional.BabylonToolbar.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3282137 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
     
  4. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    Files Detected: 263
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken.
    C:\Program Files (x86)\Minibar\Minibar.dll (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (PUP.Optional.Delta) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe (PUP.Optional.Delta) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CouponAlerts.exe (PUP.Optional.CrossRider) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\crt9D05.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\dp.exe (PUP.Optional.DealPly.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\fft27A6.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ietB247.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\B4869C2E-BAB0-7891-8D2F-D2FCCE959897\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\is1108708961\DeltaTB.exe (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\is357113909\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\wzd7eb\temp\2013811232282027214068\bundleapp.exe (PUP.Optional.Somoto) -> No action taken.
    C:\Users\Abraham\Downloads\rs2network_10484(2).exe (PUP.Optional.InstallIQ.A) -> No action taken.
    C:\Users\Abraham\Downloads\rs2network_10484(3).exe (PUP.Optional.InstallIQ.A) -> No action taken.
    C:\Users\Abraham\Downloads\rs2network_10484.exe (PUP.Optional.InstallIQ.A) -> No action taken.
    C:\Users\Eli\Downloads\FlashPlayer_V.121771337.exe (PUP.FakeFlash.Domaiq) -> No action taken.
    C:\Users\Eli\Downloads\FLV_Runner_B.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Eli\Downloads\Man_of_Steel_2013_1080p_BrRip_x264_YIFY.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
    C:\Users\Eli\Downloads\Setup (1).exe (PUP.Bundle.Installer.OI) -> No action taken.
    C:\Users\Eli\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
    C:\Users\Jed\Downloads\epicbot_520.exe (PUP.Optional.InstallIQ.A) -> No action taken.
    C:\Users\Eli\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (PUP.Optional.Somoto.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Windows\Tasks\GreatArcadeHits.job (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\dealcabby\ie\dealcabby_20120914044001.dll (Adware.DealCabby) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\dealcabby\ie\dealcabby_20120914044001.dll (Adware.DealCabby) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\Delta\delta.crx (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\DefaultTab\DefaultTab.crx (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Program Files (x86)\DefaultTab\uid (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.
    C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\minibar.crx (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome.crx (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome.pem (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome_installer.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\common.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox_installer.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\ie_installer.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\minibar.xpi (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\SettingsHelper.exe (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\Uninstall.exe (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\update_chrome.xml (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\background.html (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\cached_http_request.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\extension_info.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\initial_config.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\main.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\manifest.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\MinibarPlugin.dll (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\popup.html (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\popup.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\tab.html (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\tab.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon128.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon19.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon32.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon48.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_kango.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_menu.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_pageutils.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_popup.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_userscript.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\browser.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\console.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\event_listener.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\initialize.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\io.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\jsonstorage.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\kango.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\lang.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\userscript_engine.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango\xhr.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui\button.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui\toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui\ui.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\actions.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\cachedxhr.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\config.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\macros.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\minibar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome.manifest (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\install.rdf (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\content.xul (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\extension_info.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\initial_config.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\main.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\console.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\io.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar_stub.html (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\initial_config.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\config.xml (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\extension_info.json (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\main.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons\icon128.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons\icon16.ico (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons\icon19.ico (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons\icon19.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons\icon32.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\icons\icon48.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\browser.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\console.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\event_listener.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\initialize.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\io.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\json.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\jsonstorage.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\kango.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\lang.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\md5.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\storage.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\userscript_engine.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\utils.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango\xhr.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\commandbar_button.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\toolbar_stub.html (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\ui.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\middle-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\middle-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-bottom.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-top.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-left.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-right.png (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\minibar\actions.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\minibar\cachedxhr.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\minibar\config.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\minibar\macros.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Program Files (x86)\Minibar\minibar\minibar.js (PUP.Optional.MiniBar.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\AppData\Local\TidyNetwork.com\sidTRUS01.tidy (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2networkTRUS01.exe (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> No action taken.
    C:\Users\Eli\AppData\Local\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> No action taken.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe (PUP.Optional.Delta.A) -> No action taken.
    C:\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe (PUP.Optional.Delta.A) -> No action taken.
    C:\Users\Eli\AppData\Local\getsavin\ie\getsavin_1360599286.dll (PUP.Optional.Getsavin.A) -> No action taken.
    C:\Users\Eli\AppData\Local\getsavin\ie\getsavin_1361127901.dll (PUP.Optional.Getsavin.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\OpenCandy\2C2F99FA19D944F3B8A691ACCFD60533\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Eli\AppData\Roaming\OpenCandy\2C2F99FA19D944F3B8A691ACCFD60533\AVG_Toolbar_CB_ALL_p3v5.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\CT3220468.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\initData.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149\CT3244149.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149\initData.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\ct3244149\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3282137\CT3282137.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3282137\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3282137\initData.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\Temp\CT3282137\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    C:\Users\Eli\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
    (end)

    DDS Scan:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
    Run by Eli at 23:20:14 on 2013-10-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2535 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\MioNet\MioNetManager.exe
    C:\Program Files (x86)\MioNet\jvm\bin\MioNet.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.exe
    C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.entru.com/?s=21983
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    mStart Page = hxxp://search.entru.com/?s=21983
    uProxyServer = hxxp=127.0.0.1:8555
    uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
    mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
    BHO: {5F815AD7-A955-4943-91C4-7A96C2932399} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [Facebook Update] "C:\Users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [SearchProtection] "C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
    uRun: [uTorrent] "C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    mRun: [BigDogPath] C:\Windows\VM_STI.exe Philips SPC 200NC PC Camera
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Eli\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Eli\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRAYMI~1.LNK - C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: aeriagames.com
    Trusted Zone: aeriagames.com
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4} : DHCPNameServer = 10.0.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
     
  5. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Eli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Eli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\plugins\npMinibarPlugin.dll
    FF - plugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    FF - ExtSQL: 2013-10-25 10:37; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12
    FF - ExtSQL: 2013-10-25 10:37; addon@defaulttab.com; C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 2013-10-25 12:27; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
    FF - ExtSQL: 2013-10-25 12:38; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
    FF - ExtSQL: 2013-10-25 12:41; jid1-F9UJ2thwoAm5gQ@jetpack; C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
    FF - user.js: extensions.funmoods.dfltSrch - false
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043&q=
    FF - user.js: extensions.funmoods.id - 90E6BAEC97503891
    FF - user.js: extensions.funmoods.instlDay - 15556
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:34:13
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - adknlg
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - adknlg
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d89d389100000000000090e6baec9750&q=
    FF - user.js: extensions.BabylonToolbar.id - d89d389100000000000090e6baec9750
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15597
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:45:56
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120912_pcp_3712_3
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    .
    FF - user.js: extentions.y2layers.installId - 0ce607e2-b2ae-4cdb-b8dc-643589254ef9
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,YontooNewOffers
    .
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - d89d389100000000000090e6baec9750
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15748
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.016:13:58
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-7 52856]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-10-15 46792]
    R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-9-17 878888]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-9-17 556840]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-26 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-26 701512]
    R2 MioNet;MioNet Service;C:\Program Files (x86)\MioNet\MioNetManager.exe [2005-7-15 139264]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
    R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-10-22 106472]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-9 5087584]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-26 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
    R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
    R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-9-17 42184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-7-23 25704]
    S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-10-27 03:15:3175888----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F1CFD-F34C-4112-A814-599BCFA53DD2}\offreg.dll
    2013-10-27 02:30:3825928----a-w-C:\Windows\System32\drivers\mbam.sys
    2013-10-27 02:30:38--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-10-27 01:22:1210280728----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F1CFD-F34C-4112-A814-599BCFA53DD2}\mpengine.dll
    2013-10-26 21:23:0810280728------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-10-25 16:39:0374648----a-w-C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-10-25 16:39:03271256----a-w-C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-10-25 16:39:032106216----a-w-C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2013-10-25 16:39:0319352----a-w-C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2013-10-25 16:39:02301464----a-w-C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
    2013-10-25 16:39:02274840----a-w-C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2013-10-25 16:39:02116632----a-w-C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
    2013-10-25 16:39:0163384----a-w-C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2013-10-25 16:39:01548760----a-w-C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2013-10-25 16:39:013215256----a-w-C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2013-10-25 16:39:01118680----a-w-C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2013-10-25 14:37:38--------d-----w-C:\Users\Eli\AppData\Roaming\DefaultTab
    2013-10-25 14:24:26--------d-----w-C:\Program Files (x86)\MyPC Backup
    2013-10-25 14:24:20640957----a-w-C:\Windows\unins000.exe
    2013-10-25 14:24:20237568----a-w-C:\Windows\Matrix Code Emulator.scr
    2013-10-22 00:45:26--------d-----w-C:\321403204fe272438589fd
    2013-10-21 01:17:07--------d-----w-C:\Users\Eli\AppData\Roaming\SanDisk
    2013-10-20 00:06:06--------d-----w-C:\Program Files (x86)\Common Files\TechSmith Shared
    2013-10-19 21:29:26--------d-----w-C:\ProgramData\Oracle
    2013-10-19 21:29:0896168----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-18 21:19:03965000------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EDF1560-E8B5-409D-ADA1-F50A307D7160}\gapaengine.dll
    2013-10-16 12:03:48--------d-----w-C:\Windows\SysWow64\Hotspot Shield
    2013-10-16 01:28:20--------d-----w-C:\ProgramData\Hotspot Shield
    2013-10-16 01:27:3146792----a-w-C:\Windows\System32\drivers\hssdrv6.sys
    2013-10-16 01:27:30--------d-----w-C:\Program Files (x86)\Hotspot Shield
    2013-10-14 21:04:251202688----a-w-C:\Windows\System32\ac3filter64.acm
    2013-10-14 21:04:24965120----a-w-C:\Windows\SysWow64\ac3filter.acm
    2013-10-14 21:04:22--------d-----w-C:\Program Files (x86)\AC3Filter
    2013-10-13 22:34:11--------d-----w-C:\ProgramData\NaturalReaders
    2013-10-13 22:31:04--------d-----w-C:\ProgramData\NaturalSoft
    2013-10-09 12:04:5117813896----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-10-09 10:45:5976800----a-w-C:\Windows\System32\drivers\hidclass.sys
    2013-10-09 10:45:5932896----a-w-C:\Windows\System32\drivers\hidparse.sys
    2013-10-09 10:45:563155968----a-w-C:\Windows\System32\win32k.sys
    2013-10-09 10:45:46124112----a-w-C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-09 10:45:46102608----a-w-C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-10-09 10:45:4599840----a-w-C:\Windows\System32\drivers\usbccgp.sys
    2013-10-09 10:45:45983488----a-w-C:\Windows\System32\drivers\dxgkrnl.sys
    2013-10-09 10:45:4552736----a-w-C:\Windows\System32\drivers\usbehci.sys
    2013-10-09 10:45:45325120----a-w-C:\Windows\System32\drivers\usbport.sys
    2013-10-09 10:45:447808----a-w-C:\Windows\System32\drivers\usbd.sys
    2013-10-09 10:45:44343040----a-w-C:\Windows\System32\drivers\usbhub.sys
    2013-10-09 10:45:4430720----a-w-C:\Windows\System32\drivers\usbuhci.sys
    2013-10-09 10:45:4425600----a-w-C:\Windows\System32\drivers\usbohci.sys
    2013-10-06 22:48:27--------d-----w-C:\Program Files (x86)\GRETECH
    2013-10-05 23:10:54--------d-----w-C:\Users\Eli\exoriacache
    .
    ==================== Find3M ====================
    .
    2013-10-09 12:05:0571048----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-09 12:05:05692616----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-09-22 23:28:061767936----a-w-C:\Windows\SysWow64\wininet.dll
    2013-09-22 23:27:492876928----a-w-C:\Windows\SysWow64\jscript9.dll
    2013-09-22 23:27:4861440----a-w-C:\Windows\SysWow64\iesetup.dll
    2013-09-22 23:27:48109056----a-w-C:\Windows\SysWow64\iesysprep.dll
    2013-09-22 22:55:102241024----a-w-C:\Windows\System32\wininet.dll
    2013-09-22 22:54:513959296----a-w-C:\Windows\System32\jscript9.dll
    2013-09-22 22:54:5067072----a-w-C:\Windows\System32\iesetup.dll
    2013-09-22 22:54:50136704----a-w-C:\Windows\System32\iesysprep.dll
    2013-09-21 03:38:392706432----a-w-C:\Windows\System32\mshtml.tlb
    2013-09-21 03:30:242706432----a-w-C:\Windows\SysWow64\mshtml.tlb
    2013-09-21 02:48:3689600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
    2013-09-21 02:39:4771680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-09-17 20:33:4042184----a-w-C:\Windows\System32\drivers\taphss6.sys
    2013-09-07 01:15:11466456----a-w-C:\Windows\System32\wrap_oal.dll
    2013-09-07 01:15:10444952----a-w-C:\Windows\SysWow64\wrap_oal.dll
    2013-09-07 01:15:10122904----a-w-C:\Windows\System32\OpenAL32.dll
    2013-09-07 01:15:10109080----a-w-C:\Windows\SysWow64\OpenAL32.dll
    2013-08-02 02:23:535550528----a-w-C:\Windows\System32\ntoskrnl.exe
    2013-08-02 02:15:441732032----a-w-C:\Windows\System32\ntdll.dll
    2013-08-02 02:15:03362496----a-w-C:\Windows\System32\wow64win.dll
    2013-08-02 02:15:03243712----a-w-C:\Windows\System32\wow64.dll
    2013-08-02 02:15:0313312----a-w-C:\Windows\System32\wow64cpu.dll
    2013-08-02 02:14:57215040----a-w-C:\Windows\System32\winsrv.dll
    2013-08-02 02:14:1116384----a-w-C:\Windows\System32\ntvdm64.dll
    2013-08-02 02:13:34424448----a-w-C:\Windows\System32\KernelBase.dll
    2013-08-02 01:59:303968960----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2013-08-02 01:59:303913664----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51:231292192----a-w-C:\Windows\SysWow64\ntdll.dll
    2013-08-02 01:50:425120----a-w-C:\Windows\SysWow64\wow32.dll
    2013-08-02 01:50:42274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2013-08-02 01:09:17338432----a-w-C:\Windows\System32\conhost.exe
    2013-08-02 00:59:09112640----a-w-C:\Windows\System32\smss.exe
    2013-08-02 00:45:3725600----a-w-C:\Windows\SysWow64\setup16.exe
    2013-08-02 00:45:3614336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45:357680----a-w-C:\Windows\SysWow64\instnm.exe
    2013-08-02 00:45:342048----a-w-C:\Windows\SysWow64\user.exe
    2013-08-02 00:43:056144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:054608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:053584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:053072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 23:23:28.77 ===============
     
  6. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    Attach.txt:
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/24/2009 13:13:24
    System Uptime: 10/26/2013 23:15:05 (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | VIOLET
    Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 584 GiB total, 354.057 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.182 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#
    Manufacturer: Generic-
    Name: I:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SM/xD-Picture
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#
    Manufacturer: Generic-
    Name: H:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#
    Service: WUDFRd
    .
    Class GUID:
    Description:
    Device ID: ROOT\MEDIA\0001
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MEDIA\0001
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Compact Flash
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#
    Manufacturer: Generic-
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MS/MS-Pro
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20060413092100000&3#
    Manufacturer: Generic-
    Name: J:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20060413092100000&3#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP836: 10/19/2013 17:27:35 - Installed Java 7 Update 45
    RP837: 10/19/2013 20:05:16 - Installed Camtasia Studio 8
    RP838: 10/20/2013 19:00:19 - Windows Backup
    RP839: 10/22/2013 16:40:42 - Windows Update
    RP840: 10/23/2013 03:00:10 - Windows Update
    RP841: 10/23/2013 07:07:12 - Installed DirectX
    RP842: 10/26/2013 17:22:28 - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3DVIA player 5.0
    AC3Filter 2.5b
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Reader XI (11.0.05)
    Advanced ID Creator
    AIM 7
    Akamai NetSession Interface
    Amnesia: The Dark Descent
    AOL Messaging Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Armagetron Advanced 0.2.8.3.2
    AssaultCube v1.1.0.4
    Audio Converter
    Bonjour
    Bucksbee Loyalty Plugin 100815.b for Chrome
    Camtasia Studio 8
    CINEMA 4D R14
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    DealCabby
    Delta Chrome Toolbar
    DirectX for Managed Code Update (Summer 2004)
    Dota 2
    Download Updater (AOL LLC)
    Dual-Core Optimizer
    Facebook Video Calling 1.2.0.287
    Free RAR Extract Frog
    gamelauncher-ps2-live
    Garry's Mod
    GetSavin
    GIMP 2.6.7
    GOM Player
    Google Chrome
    Google Update Helper
    Half-Life 2
    Hardware Diagnostic Tools
    Homepage Protection
    Hotspot Shield 3.17
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Information
    HP Update
    iTunes
    Java 7 Update 45
    Java Auto Updater
    LabelPrint
    League of Legends
    LightScribe System Software
    LSI PCI-SV92EX Soft Modem
    Malwarebytes Anti-Malware version 1.75.0.1300
    Matrix Code Emulator 1.50
    MFC RunTime files
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5
    Microsoft Application Error Reporting
    Microsoft Expression Blend 3 SDK
    Microsoft Expression Blend 4
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Expression Design 4
    Microsoft Expression Encoder 4
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft Expression Studio 4
    Microsoft Expression Web 4
    Microsoft Expression Web 4 Service Pack 2
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Live Search Toolbar
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 60 day trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Small Business Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Works
    MioNet
    Mojo
    MOVband SYNC
    Movie Maker
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetAssistant
    NVIDIA 3D Vision Controller Driver 320.49
    NVIDIA 3D Vision Driver 320.49
    NVIDIA Control Panel 320.49
    NVIDIA Drivers
    NVIDIA GeForce Experience 1.5.1
    NVIDIA Graphics Driver 320.49
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 6.4.23
    NVIDIA Update Components
    Open Broadcaster Software
    OpenAL
    Pando Media Booster
    PerformanceTest v8.0
    Philips SPC 300NC PC Camera
    Philips VLounge
    Photo Common
    Photo Gallery
    Portal 2
    Power2Go
    PowerDirector
    PowerRecover
    QuickTime
    Razer Game Booster
    Razer Nostromo
    Realtek High Definition Audio Driver
    RuneScape Launcher 1.2
    RuneScape Launcher 1.2.3
    SanDiskSecureAccess_Manager.exe
    Scratch
    Search Protection
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Security Update for Microsoft .NET Framework 4.5 (KB2833957)
    Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
    Security Update for Microsoft .NET Framework 4.5 (KB2861208)
    Security Update for Microsoft Expression Design 4 (KB2667730)
    Shutterfly Express Uploader
    SIPPS
    Skype Click to Call
    Skype™ 6.9
    Steam
    System Requirements Lab CYRI
    TeamViewer 8
    Unity Web Player
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinZip 17.0
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    XviD Video Codec (remove only)
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/26/2013 20:56:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 20:56:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 20:56:51, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 20:56:51, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:26:18, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:26:17, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:15:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    10/26/2013 17:15:20, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/26/2013 17:14:25, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\CRX_INSTALL\spext.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:14:16, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\CRX_INSTALL\background.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:12:50, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:12:48, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/26/2013 17:11:32, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/25/2013 20:34:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/25/2013 20:34:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/25/2013 20:34:42, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/25/2013 20:34:42, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
    10/25/2013 20:31:18, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    10/24/2013 14:31:38, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.
    10/24/2013 14:31:38, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/20/2013 21:17:32, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
    10/20/2013 21:14:35, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
     
  8. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    I think I may be confused, I removed all the selected results as stated in Julio's tutorial and when I re scanned the only thing in the log was this:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.27.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Eli :: BUNDLEOFJOY [administrator]

    Protection: Enabled

    10/26/2013 23:38:50
    MBAM-log-2013-10-27 (00-06-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 402770
    Time elapsed: 26 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
     
  9. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    [​IMG] The above log still has one item marked as "No action taken".
    You need to fix it as well.

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  10. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    The new Malwarebytes Anti-Malware scan results:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.27.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Eli :: BUNDLEOFJOY [administrator]

    Protection: Enabled

    10/27/2013 10:51:46
    mbam-log-2013-10-27 (10-51-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 402265
    Time elapsed: 26 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Eli [Admin rights]
    Mode : Remove -- Date : 10/27/2013 11:21:57
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] SearchProtection.exe -- C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1080744780-1357818022-3563604407-1008\[...]\Run : SearchProtection ("C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] TidyNetwork Update : C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED

    ¤¤¤ Startup Entries : 1 ¤¤¤
    [Grandma Di-Di][SUSP PATH] MOVband SYNC.lnk : C:\Users\Grandma Di-Di\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MOVband SYNC.lnk @C:\Users\Grandma Di-Di\AppData\Roaming\Microsoft\Installer\{DD521EA9-7D08-403D-A830-38ECD1F76C38}\_0725771C0865EA0C540C42.exe [-][-] -> DELETED

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
    --- User ---
    [MBR] 3bd7e4448353601829182bd969c7cde2
    [BSP] 84075f653f7649b0eb28ea262717bad6 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598085 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1225084928 | Size: 12293 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Compact Flash USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SD/MMC USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[0]_D_10272013_112157.txt >>
    RKreport[0]_S_10272013_112148.txt

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1007

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16721

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.600000 GHz
    Memory total: 6173212672, free: 3425869824

    Downloaded database version: v2013.10.27.03
    Downloaded database version: v2013.10.11.02
    =======================================
    Initializing...
    ------------ Kernel report ------------
    10/27/2013 11:30:40
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\nvstor64.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\hssdrv6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvsmu.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\nvmf6264.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\agrsm64.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\rzjoystk.sys
    \SystemRoot\System32\drivers\mshidkmdf.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\drivers\ScreamingBAudio64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\taphss6.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_nvstor64.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\lvuvc64.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\lvrs64.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\System32\Drivers\usbaapl64.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msctf.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\usp10.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\nsi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\imm32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\sechost.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\lpk.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\wininet.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa8004eee790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007c\
    Lower Device Object: 0xfffffa800738ca20
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa800784f790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007a\
    Lower Device Object: 0xfffffa800738e880
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa80076a7790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000079\
    Lower Device Object: 0xfffffa8007372b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa800781e790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000078\
    Lower Device Object: 0xfffffa80073769a0
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005b7a060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000005d\
    Lower Device Object: 0xfffffa80058ee330
    Lower Device Driver Name: \Driver\nvstor64\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005b7a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005b7aab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005b7a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004ea5e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80058ee330, DeviceName: \Device\0000005d\, DriverName: \Driver\nvstor64\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1549F232

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1224878080

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1225084928 Numsec = 25176064

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa800781e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007394b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800781e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80073769a0, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa80076a7790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007392b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80076a7790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007372b60, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 3, DevicePointer: 0xfffffa800784f790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007396b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800784f790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800738e880, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa8004eee790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007397b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004eee790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800738ca20, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished

    Malwarebytes Anti-Rootkit BETA 1.07.0.1007
    www.malwarebytes.org

    Database version: v2013.10.27.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16721
    Eli :: BUNDLEOFJOY [administrator]

    10/27/2013 11:30:48
    mbar-log-2013-10-27 (11-30-48).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 423117
    Time elapsed: 28 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    On the anti-rootkit no malicious malware was found(first time) so I did not have to do a cleanup! But I am still receiving the same popup on all sites(about every 4 or 5th website I visit and also a popup on the bottom right of the screen, and certain words in all text(facebook, techspot, google, smartestcomputing, yahoo, centurylink) are highlighted and when I hover over them It is an advertisement. I know you don't usually review an attachment but I am showing you what I mean by the words being highlighted when I attached no link to them.
     

    Attached Files:

  11. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    We'll get there.
    Be patient.

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
     
  12. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    ComboFix 13-10-26.01 - Eli 10/27/2013 18:07:05.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3955 [GMT -4:00]
    Running from: c:\users\Eli\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\asyncDB.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\background.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\browserAction.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\contextMenu.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dbManager.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dom_bg.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\fileManager.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefox.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxNotifications.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxOmnibox.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\message.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\request.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\tabs.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\webRequest.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\baseObject.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\console.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\consts.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\delegate.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\httpObserver.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\IDBWrapper.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\pluginsManager.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\prefs.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\progressListenerObserver.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\registry.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reloadObserver.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reports.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\requestObject.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\searchSettings.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\uninstallObserver.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\updateManager.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\utils.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\xhr.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\backgroundCode.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\pageCode.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\main.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\install.rdf
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
    c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
    c:\users\Eli\AppData\Local\assembly\tmp
    c:\users\Eli\AppData\Local\dealcabby
    c:\users\Eli\AppData\Local\dealcabby\license.txt
    c:\users\Eli\AppData\Local\dealcabby\sqlite3.exe
    c:\users\Eli\AppData\Local\dealcabby\uninst.exe
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\background.html
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\crossriderManifest.json
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\manifest.xml
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins.json
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\1_base.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\1000014_GPL Plugin (Loader).js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\1000015_GPL Background (BG).js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\17_jQuery.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\19_CHAppAPIWrapper.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\21_debug.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\22_resources.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\28_initializer.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\47_resources_background.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\64_appApiMessage.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\72_appApiValidation.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\80_CHPopupAppAPI.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\97_resourceApiWrapper.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\userCode\background.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\userCode\extension.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\actions\1.png
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\icon128.png
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\icon16.png
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\icon48.png
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\chrome.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\cookie.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\message.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\pageAction.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\pageActionBG.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\background.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\app_api.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\bg_app_api.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\consts.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\cookie_store.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\crossriderAPI.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\delegate.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\events.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\extensionDataStore.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\installer.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\logFile.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\logging.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\onBGDocumentLoad.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\popupResource\newPopup.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\popupResource\popup.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\reports.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\storageWrapper.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\updateManager.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\util.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\xhr.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\main.js
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\manifest.json
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\popup.html
    c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Eli\AppData\Roaming\Microsoft\Windows\Recent\Portal 2.url
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\asyncDB.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\background.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\browserAction.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\contextMenu.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dbManager.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dom_bg.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\fileManager.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefox.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxNotifications.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxOmnibox.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\message.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\request.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\tabs.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\webRequest.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\baseObject.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\console.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\consts.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\delegate.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\httpObserver.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\IDBWrapper.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\pluginsManager.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\prefs.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\progressListenerObserver.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\registry.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reloadObserver.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reports.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\requestObject.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\searchSettings.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\uninstallObserver.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\updateManager.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\utils.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\xhr.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\backgroundCode.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\pageCode.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\main.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\install.rdf
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\bootstrap.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\harness-options.json
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\icon.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\icon64.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\install.rdf
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locale\en-GB.json
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locale\eo.json
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locale\fr-FR.json
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locales.json
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
     
  13. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\install.rdf
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
    c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\asyncDB.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\background.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\browserAction.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\contextMenu.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dbManager.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dom_bg.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\fileManager.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefox.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxNotifications.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxOmnibox.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\message.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\request.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\tabs.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\webRequest.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\baseObject.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\console.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\consts.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\delegate.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\httpObserver.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\IDBWrapper.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\pluginsManager.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\prefs.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\progressListenerObserver.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\registry.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reloadObserver.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reports.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\requestObject.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\searchSettings.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\uninstallObserver.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\updateManager.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\utils.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\xhr.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\backgroundCode.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\pageCode.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\main.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\install.rdf
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
    c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
    c:\windows\SysWow64\ndisapi.dll
    c:\windows\SysWow64\tmp587E.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-09-27 to 2013-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Jed\AppData\Local\temp
    2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Default\AppData\Local\temp
    2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Gretchen\AppData\Local\temp
    2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Veronica\AppData\Local\temp
    2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Abraham\AppData\Local\temp
    2013-10-27 21:46 . 2013-10-27 21:4675888----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980ACE08-FDD0-431D-A8DD-8913C7198078}\offreg.dll
    2013-10-27 15:30 . 2013-10-27 16:04--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-10-27 15:29 . 2013-10-27 15:2991352----a-w-c:\windows\system32\drivers\mbamchameleon.sys
    2013-10-27 15:21 . 2013-10-27 15:21--------d-----w-c:\windows\snack
    2013-10-27 03:36 . 2013-10-14 07:1210280728----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980ACE08-FDD0-431D-A8DD-8913C7198078}\mpengine.dll
    2013-10-27 02:30 . 2013-10-27 02:30--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-10-27 02:30 . 2013-04-04 18:5025928----a-w-c:\windows\system32\drivers\mbam.sys
    2013-10-26 21:23 . 2013-10-14 07:1210280728----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-10-25 14:37 . 2013-10-27 03:15--------d-----w-c:\users\Eli\AppData\Roaming\DefaultTab
    2013-10-25 14:24 . 2013-10-25 15:38--------d-----w-c:\program files (x86)\MyPC Backup
    2013-10-25 14:24 . 2013-10-25 14:24640957----a-w-c:\windows\unins000.exe
    2013-10-25 14:24 . 2002-04-06 01:57237568----a-w-c:\windows\Matrix Code Emulator.scr
    2013-10-22 00:45 . 2013-10-22 00:58--------d-----w-C:\321403204fe272438589fd
    2013-10-21 01:17 . 2013-10-21 01:17--------d-----w-c:\users\Eli\AppData\Roaming\SanDisk
    2013-10-20 00:06 . 2013-10-20 00:06--------d-----w-c:\program files (x86)\Common Files\TechSmith Shared
    2013-10-20 00:05 . 2013-10-20 00:05--------d-----w-c:\program files (x86)\TechSmith
    2013-10-19 21:29 . 2013-10-19 21:29--------d-----w-c:\programdata\Oracle
    2013-10-19 21:29 . 2013-10-19 21:29--------d-----w-c:\program files (x86)\Common Files\Java
    2013-10-19 21:29 . 2013-10-08 11:5096168----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-18 21:19 . 2013-10-18 21:18965000------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EDF1560-E8B5-409D-ADA1-F50A307D7160}\gapaengine.dll
    2013-10-16 12:03 . 2013-10-16 12:03--------d-----w-c:\windows\SysWow64\Hotspot Shield
    2013-10-16 01:28 . 2013-10-16 01:29--------d-----w-c:\programdata\Hotspot Shield
    2013-10-16 01:27 . 2013-09-17 20:3146792----a-w-c:\windows\system32\drivers\hssdrv6.sys
    2013-10-16 01:27 . 2013-10-16 01:29--------d-----w-c:\program files (x86)\Hotspot Shield
    2013-10-14 21:04 . 2012-06-18 02:181202688----a-w-c:\windows\system32\ac3filter64.acm
    2013-10-14 21:04 . 2012-06-18 02:10965120----a-w-c:\windows\SysWow64\ac3filter.acm
    2013-10-14 21:04 . 2013-10-14 21:04--------d-----w-c:\program files (x86)\AC3Filter
    2013-10-13 22:34 . 2013-10-13 22:34--------d-----w-c:\programdata\NaturalReaders
    2013-10-13 22:31 . 2013-10-13 22:31--------d-----w-c:\programdata\NaturalSoft
    2013-10-09 12:04 . 2013-10-09 12:0417813896----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-10-09 10:45 . 2013-07-03 04:0576800----a-w-c:\windows\system32\drivers\hidclass.sys
    2013-10-09 10:45 . 2013-07-03 04:0532896----a-w-c:\windows\system32\drivers\hidparse.sys
    2013-10-09 10:45 . 2013-08-28 01:213155968----a-w-c:\windows\system32\win32k.sys
    2013-10-09 10:45 . 2013-07-20 10:33102608----a-w-c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-10-09 10:45 . 2013-07-20 10:33124112----a-w-c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-09 10:45 . 2013-09-04 12:11325120----a-w-c:\windows\system32\drivers\usbport.sys
    2013-10-09 10:45 . 2013-09-04 12:1199840----a-w-c:\windows\system32\drivers\usbccgp.sys
    2013-10-09 10:45 . 2013-09-04 12:1152736----a-w-c:\windows\system32\drivers\usbehci.sys
    2013-10-09 10:45 . 2013-08-01 12:09983488----a-w-c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-09 10:45 . 2013-09-04 12:12343040----a-w-c:\windows\system32\drivers\usbhub.sys
    2013-10-09 10:45 . 2013-09-04 12:1130720----a-w-c:\windows\system32\drivers\usbuhci.sys
    2013-10-09 10:45 . 2013-09-04 12:1125600----a-w-c:\windows\system32\drivers\usbohci.sys
    2013-10-09 10:45 . 2013-09-04 12:117808----a-w-c:\windows\system32\drivers\usbd.sys
    2013-10-06 22:48 . 2013-10-06 22:48--------d-----w-c:\users\Eli\AppData\Roaming\GRETECH
    2013-10-06 22:48 . 2013-10-06 22:48--------d-----w-c:\program files (x86)\GRETECH
    2013-10-05 23:10 . 2013-10-05 23:10--------d-----w-c:\users\Eli\exoriacache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-10-09 19:09 . 2012-06-11 03:0580541720----a-w-c:\windows\system32\MRT.exe
    2013-10-09 12:05 . 2012-04-18 20:44692616----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2013-10-09 12:05 . 2011-06-09 21:3371048----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-09-17 20:33 . 2013-09-17 20:3342184----a-w-c:\windows\system32\drivers\taphss6.sys
    2013-09-07 01:15 . 2012-05-23 21:13466456----a-w-c:\windows\system32\wrap_oal.dll
    2013-09-07 01:15 . 2012-05-23 21:13444952----a-w-c:\windows\SysWow64\wrap_oal.dll
    2013-09-07 01:15 . 2012-05-23 21:13122904----a-w-c:\windows\system32\OpenAL32.dll
    2013-09-07 01:15 . 2012-05-23 21:13109080----a-w-c:\windows\SysWow64\OpenAL32.dll
    2013-09-06 20:19 . 2013-03-21 00:18965008------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-08-02 02:23 . 2013-09-11 09:535550528----a-w-c:\windows\system32\ntoskrnl.exe
    2013-08-02 02:15 . 2013-09-11 09:531732032----a-w-c:\windows\system32\ntdll.dll
    2013-08-02 02:15 . 2013-09-11 09:53243712----a-w-c:\windows\system32\wow64.dll
    2013-08-02 02:15 . 2013-09-11 09:53362496----a-w-c:\windows\system32\wow64win.dll
    2013-08-02 02:15 . 2013-09-11 09:5313312----a-w-c:\windows\system32\wow64cpu.dll
    2013-08-02 02:14 . 2013-09-11 09:53215040----a-w-c:\windows\system32\winsrv.dll
    2013-08-02 02:14 . 2013-09-11 09:5316384----a-w-c:\windows\system32\ntvdm64.dll
    2013-08-02 02:13 . 2013-09-11 09:53424448----a-w-c:\windows\system32\KernelBase.dll
    2013-08-02 02:13 . 2013-09-11 09:531161216----a-w-c:\windows\system32\kernel32.dll
    2013-08-02 02:12 . 2013-09-11 09:5343520----a-w-c:\windows\system32\csrsrv.dll
    2013-08-02 02:12 . 2013-09-11 09:536144---ha-w-c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:534608---ha-w-c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:536656----a-w-c:\windows\system32\apisetschema.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:534608---ha-w-c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:535120---ha-w-c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2013-08-02 01:59 . 2013-09-11 09:533968960----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2013-08-02 01:59 . 2013-09-11 09:533913664----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2013-08-02 01:51 . 2013-09-11 09:531292192----a-w-c:\windows\SysWow64\ntdll.dll
    2013-08-02 01:50 . 2013-09-11 09:53274944----a-w-c:\windows\SysWow64\KernelBase.dll
    2013-08-02 01:50 . 2013-09-11 09:535120----a-w-c:\windows\SysWow64\wow32.dll
    2013-08-02 01:48 . 2013-09-11 09:535120---ha-w-c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:534608---ha-w-c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:536656----a-w-c:\windows\SysWow64\apisetschema.dll
    2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
     
  14. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2013-08-02 01:48 . 2013-09-11 09:5344032----a-w-c:\windows\apppatch\acwow64.dll
    2013-08-02 01:09 . 2013-09-11 09:53338432----a-w-c:\windows\system32\conhost.exe
    2013-08-02 00:59 . 2013-09-11 09:53112640----a-w-c:\windows\system32\smss.exe
    2013-08-02 00:45 . 2013-09-11 09:5325600----a-w-c:\windows\SysWow64\setup16.exe
    2013-08-02 00:45 . 2013-09-11 09:5314336----a-w-c:\windows\SysWow64\ntvdm64.dll
    2013-08-02 00:45 . 2013-09-11 09:537680----a-w-c:\windows\SysWow64\instnm.exe
    2013-08-02 00:45 . 2013-09-11 09:532048----a-w-c:\windows\SysWow64\user.exe
    2013-08-02 00:43 . 2013-09-11 09:536144---ha-w-c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43 . 2013-09-11 09:534608---ha-w-c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41120104----a-w-c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2012-08-10 22:54194928----a-w-c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
    "Facebook Update"="c:\users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-14 138096]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-12 3093624]
    "Akamai NetSession Interface"="c:\users\Eli\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
    "uTorrent"="c:\users\Eli\AppData\Roaming\uTorrent\uTorrent.exe" [2013-10-26 902736]
    "SanDiskSecureAccess_Manager.exe"="c:\users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-09-25 30705792]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
    "BigDogPath"="c:\windows\VM_STI.exe" [2006-12-22 40960]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TrayMin300.exe.lnk - c:\program files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe [2010-1-19 278528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MioNet;MioNet Service;c:\program files (x86)\MioNet\MioNetManager.exe;c:\program files (x86)\MioNet\MioNetManager.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-10-16 19:481185744----a-w-c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 12:05]
    .
    2013-10-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008Core.job
    - c:\users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12 23:45]
    .
    2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008UA.job
    - c:\users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12 23:45]
    .
    2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 23:05]
    .
    2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 23:05]
    .
    2013-09-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.entru.com/?s=21983
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://search.entru.com/?s=21983
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8555
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: aeriagames.com
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 10.0.0.1
    FF - ProfilePath - c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - ExtSQL: 2013-10-25 10:37; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12
    FF - ExtSQL: 2013-10-25 10:37; addon@defaulttab.com; c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 2013-10-25 12:27; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
    FF - ExtSQL: 2013-10-25 12:38; afext@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
    FF - ExtSQL: 2013-10-25 12:41; jid1-F9UJ2thwoAm5gQ@jetpack; c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
    FF - user.js: extensions.funmoods.hmpg - false
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
    FF - user.js: extensions.funmoods.dfltSrch - false
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043&q=
    FF - user.js: extensions.funmoods.id - 90E6BAEC97503891
    FF - user.js: extensions.funmoods.instlDay - 15556
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:34
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - adknlg
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - adknlg
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d89d389100000000000090e6baec9750&q=
    FF - user.js: extensions.BabylonToolbar.id - d89d389100000000000090e6baec9750
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15597
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:45
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120912_pcp_3712_3
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extentions.y2layers.installId - 0ce607e2-b2ae-4cdb-b8dc-643589254ef9
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,YontooNewOffers
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - d89d389100000000000090e6baec9750
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15748
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.016:13
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{5F815AD7-A955-4943-91C4-7A96C2932399} - (no file)
    Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
    c:\users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Eli\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    AddRemove-DealCabby - c:\users\Eli\AppData\Local\dealcabby\uninst.exe
    AddRemove-MioNet - c:\program files (x86)\MioNet\uninstall.exe
    AddRemove-PlanetSide 2 - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\Uninstaller.exe
    AddRemove-UnityWebPlayer - c:\users\Eli\AppData\Local\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-10-27 18:22:43
    ComboFix-quarantined-files.txt 2013-10-27 22:22
    .
    Pre-Run: 385,161,719,808 bytes free
    Post-Run: 390,465,179,648 bytes free
    .
    - - End Of File - - 13EFEBF28E2C9C0E92210D723A05E330
    5778997D3E073C6583C14E80B2E5DB74


    I've noticed a change, the attachment(highlighted words) posted in my above post are nonexistent now!:D
     
  15. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    On the AdwCleaner it says please uncheck all elements that you do not want removed. After that is an uninstall option(with a trash can) and a clean option, which should I do first?
     
  17. Broni

    Broni Malware Annihilator Posts: 47,668   +267

    • Click on Scan button.
    • When the scan has finished click on Clean button.
    Don't uncheck anything.
     
  18. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    # AdwCleaner v3.010 - Report created 27/10/2013 at 20:55:20
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Eli - BUNDLEOFJOY
    # Running from : C:\Users\Eli\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Delta
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\Program Files (x86)\MyPC Backup
    Folder Deleted : C:\Program Files (x86)\OApps
    Folder Deleted : C:\Program Files (x86)\Playbryte
    Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Users\Abraham\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Abraham\AppData\LocalLow\Minibar
    Folder Deleted : C:\Users\Grandma Di-Di\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Grandma Di-Di\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Grandma Di-Di\AppData\LocalLow\Minibar
    Folder Deleted : C:\Users\Gretchen\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Gretchen\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Eli\AppData\Local\Conduit
    Folder Deleted : C:\Users\Eli\AppData\Local\getsavin
    Folder Deleted : C:\Users\Eli\AppData\Local\Giant Savings
    Folder Deleted : C:\Users\Eli\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Eli\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Eli\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Eli\AppData\LocalLow\Minibar
    Folder Deleted : C:\Users\Eli\AppData\LocalLow\Playbryte
    Folder Deleted : C:\Users\Eli\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Search Protection
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\FCTB
    Folder Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\ffxtlbr@babylon.com
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\ffxtlbr@delta.com
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\playbryte@playbryte.com
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\tidynetwork@tidynetwork
    Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    Folder Deleted : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Folder Deleted : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\Grandma Di-Di\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\addon@defaulttab.com.xpi
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\plugin@yontoo.com.xpi
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\Jed\AppData\Roaming\Mozilla\Firefox\Profiles\4x740nt0.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\eaqdvs15.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\Grandma Di-Di\AppData\Roaming\Mozilla\Firefox\Profiles\lwpg7cto.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\bprotector_prefs.js
    File Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\BrowserMngr_extensions.sqlite
    File Deleted : C:\Users\Grandma Di-Di\AppData\Roaming\Mozilla\Firefox\Profiles\lwpg7cto.default\BrowserMngr_extensions.sqlite
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\defaulttab.config
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\invalidprefs.js
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\Askcom.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\BabylonMngr.xml
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\bingp.xml
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\delta.xml
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\search.xml
    File Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\user.js
    File Deleted : C:\Users\Jed\AppData\Roaming\Mozilla\Firefox\Profiles\4x740nt0.default\user.js
    File Deleted : C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\eaqdvs15.default\user.js
    File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKCU\Software\fed78db734e540
    Key Deleted : HKLM\SOFTWARE\fed78db734e540
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_voice-changer-software_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_voice-changer-software_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Webplayer
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Playbryte
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\prefs.js ]

    Line Deleted : user_pref("extensions.crossrider.bic", "139f5c74e1991ae08cc7ea082947815d");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348448243);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 6);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348448243");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348448243");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Thu Oct 11 2012 19:36:09 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1349558091");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1348448303098");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2285442%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348448261470");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "40");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Sat Oct 06 2012 23:14:53 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAPI.appID}}};$jquery.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 6);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};if(typeof JSON!==\"undefined\"){appAPI.JSON=JSON}else{(function(){fun[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platform;b.[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=function(c,b){a.when.apply(null[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaul[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,47,1000015");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1000014,28");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/083/ff/plugins.json");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 15);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 40);
    Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
    Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
    Line Deleted : user_pref("extensions.crossriderapp4479.bic", "139f5c74e1991ae08cc7ea082947815d");
    Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
    Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1348448243);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22492635);
     
  19. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22492644);
    Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.DNSCatch", false);
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.FirstLaunchShown", true);
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.LastDate", 6);
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.customNewTab", false);
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.processAddrBar", false);
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.session", "2A9A3124DBC5C0182B688F403314455D3013EEE13B51F3E0F7236AA143833A65DB055212764438584F170E30346FB21AD29A345D41F8DD8D5D2F8AB2346348B0020D1AC4[...]
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.tb_lang", "en");
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.user_id", "18529237");
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.vars.disablecuidinject", "1");
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.vars.lastcheck", "Sun%20Nov%2013%202011%2019%3A56%3A04%20GMT-0500%20%28Eastern%20Standard%20Time%29");
    Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.yahooSearch", false);

    [ File : C:\Users\Jed\AppData\Roaming\Mozilla\Firefox\Profiles\4x740nt0.default\prefs.js ]

    Line Deleted : user_pref("aim_toolbar.default.search.url", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120311174839909&tb_oid=28-10-2012&tb_mru[...]
    Line Deleted : user_pref("aol_toolbar.surf.date", "4");
    Line Deleted : user_pref("aol_toolbar.surf.lastDate", "23");
    Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "11");
    Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
    Line Deleted : user_pref("aol_toolbar.surf.month", "4");
    Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "215");
    Line Deleted : user_pref("aol_toolbar.surf.total", "223");
    Line Deleted : user_pref("aol_toolbar.surf.week", "4");
    Line Deleted : user_pref("aol_toolbar.surf.year", "218");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120311174839909&tb_oid=28-10-2012&tb_mrud=28-[...]
    Line Deleted : user_pref("extensions.crossrider.bic", "13aa98e91227eeec61337250f74fdb4b");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1351464424);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1351464424");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/083/ff/plugins.json");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
    Line Deleted : user_pref("extensions.crossriderapp4479.bic", "13aa98e91227eeec61337250f74fdb4b");
    Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1351464424);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22604686);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22604687);
    Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
    Line Deleted : user_pref("extensions.enabledAddons", "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1,moveplayer@movenetworks.com:1.0.0.%(version)s,{D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1,{c2f863cd-0429-48c7-bb54[...]
    Line Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aimright-ab-en-us&tb_uuid=20120311174839909&tb_oid=28-10-2012&tb_mrud=28-10-2012&query[...]

    [ File : C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\eaqdvs15.default\prefs.js ]

    Line Deleted : user_pref("extensions.crossrider.bic", "13afcbfc0baeabfeb56e0631cdf57ee7");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1352860156);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 42);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1352860156");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1352860156");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Sat May 25 2013 21:59:58 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22var%20start_time%3D1368590400%3C%3DMath.floor%28new%20Date/1E3%29%3F378693E4%3A1368504E3%3B_GPL_PLUGIN.st%3D%7B%5C%2[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Sat May 25 2013 21:59:58 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Sat Jun 01 2013 21:45:03 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1369532758");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221368543869%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure_tmp.expiration", "Sat May 25 2013 22:04:58 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure_tmp.value", "1369533298");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1354895763027");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%22106125%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1354895713093");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "97");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Sun May 26 2013 03:45:35 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 6);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 15);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 38);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 7);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(nul[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[\"[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/086/ff/plugins.json");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 68);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 97);
    Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
    Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
    Line Deleted : user_pref("extensions.crossriderapp4479.bic", "13afcbfc0baeabfeb56e0631cdf57ee7");
    Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
    Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1352860156);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22825545);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22825555);
    Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
    Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp4479@crossrider.com:0.86.44,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2");

    [ File : C:\Users\Grandma Di-Di\AppData\Roaming\Mozilla\Firefox\Profiles\lwpg7cto.default\prefs.js ]

    Line Deleted : user_pref("extensions.crossrider.bic", "13a0001a93872d13f7581086792ea141");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348619840);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 6);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348619840");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348619840");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Fri Oct 12 2012 18:21:28 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1349741393");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2258453%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2258453%26subid%3D%26pid%3D1242%22%7D[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2258453%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1349475695051");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2286235%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348619850971");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "42");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Tue Oct 09 2012 02:10:15 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAPI.appID}}};$jquery.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 6);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};if(typeof JSON!==\"undefined\"){appAPI.JSON=JSON}else{(function(){fun[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platform;b.[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=function(c,b){a.when.apply(null[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaul[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,47,1000015");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1000014,28");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/083/ff/plugins.json");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 15);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 42);
    Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
    Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
    Line Deleted : user_pref("extensions.crossriderapp4479.bic", "13a0001a93872d13f7581086792ea141");
    Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
    Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1348619840);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22495690);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22495690);
    Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");

    [ File : C:\Users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
    Line Deleted : user_pref("browser.search.order.1", "Ask.com");
    Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
    Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
    Line Deleted : user_pref("extensions.crossrider.bic", "139cc7c37d2074aa76c49cfc2fe0d706");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1347755456);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 43);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1347755456");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1347755456");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Mon Aug 05 2013 19:21:15 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1375234888");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221372100319%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.value", "24");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.value", "1368281456");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1347807086411");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2282418%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1347807063632");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "99");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Wed Jul 31 2013 03:41:30 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
     
  20. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 6);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 16);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 39);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 8);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 9);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(nul[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[\"[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 2);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/091/ff/plugins.json");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 70);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 99);
    Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
    Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
    Line Deleted : user_pref("extensions.crossriderapp4479.bic", "139cc7c37d2074aa76c49cfc2fe0d706");
    Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
    Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1347755456);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22920582);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22920582);
    Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
    Line Deleted : user_pref("extensions.crossriderapp4479.statsDailyCounter", 4);
    Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp4479%40crossrider.com:0.91.97,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2");

    [ File : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\prefs.js ]

    Line Deleted : user_pref("CT3220468.UserID", "UN22771687512931828");
    Line Deleted : user_pref("CT3220468.autoDisableScopes", 14);
    Line Deleted : user_pref("CT3220468.installDate", "12/2/2013 0:08:59");
    Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
    Line Deleted : user_pref("browser.search.order.1", "Ask.com");
    Line Deleted : user_pref("ct3220468.UserID", "UN22771687512931828");
    Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110796&tt=120912_pcp_3712_3");
    Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "25");
    Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
    Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Line Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
    Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
    Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A6BCD70A7D14F304C6FB949619ABF208");
    Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
    Line Deleted : user_pref("extensions.BabylonToolbar.id", "d89d389100000000000090e6baec9750");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15597");
    Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1216:45:56");
    Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
    Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"7\",\"lastVrsn\":\"7\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":0}");
    Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Line Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
    Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
    Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d89d389100000000000090e6baec9750&q=");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1216:45:56");
    Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110796&tt=120912_pcp_3712_3");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1216:45:56");
    Line Deleted : user_pref("extensions.crossrider.bic", "139c836afd32e93a00d99db523afed6f");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1347655536);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 43);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1347655536");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1347655536");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Fri Oct 25 2013 12:47:14 GMT-0400 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%2274052%26pid%3D1269%5C%22%3A%7Bs%3A%5B%5C%2274052%26pid%3D1695%5C%22%2C[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Fri Oct 25 2013 12:47:14 GMT-0400 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.value", "1361070131");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Fri Nov 01 2013 12:07:49 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1382719324");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221381868224%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.value", "24");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.value", "1370698930");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_list.expiration", "Fri Oct 25 2013 18:09:41 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A%2[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1349999301199");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2282063%22");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1349999291662");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/index.php%22%2C%22host%22%3A%22www.facebook.com%22%2C%22scheme%22%3A%22hxxps%22%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%221FA86426222C46FD97DD40EBCFA399B1IE%22%2C%22installer_verifier%22%3A%2288bef89cbb239022[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "100");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Fri Oct 25 2013 18:07:55 GMT-0400 (Eastern Daylight Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 8);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 16);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 39);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 5);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 9);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 12);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 5);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(nul[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 5);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var b=function(e){return(![...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not supp[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof window.navigator!==\"undefined\"&&typeof window.navigator.userAgent!==\"undefi[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 5);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b={DUMMY_PAGE_URL:\"hxxp://page.our-app.net/blank/resource.html\"};var c=\"cr_\"+appAPI.appID+\"internalMessage\"[...]
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 3);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/091/ff/plugins.json");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 71);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
    Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 100);
    Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
    Line Deleted : user_pref("extensions.crossriderapp4479.bic", "139c836afd32e93a00d99db523afed6f");
    Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
    Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
    Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1377738704);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 23045288);
    Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 23045322);
    Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
    Line Deleted : user_pref("extensions.crossriderapp4479.reportInstall", true);
    Line Deleted : user_pref("extensions.crossriderapp4479.statsDailyCounter", 5);
    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.bbDpng", "25");
    Line Deleted : user_pref("extensions.delta.cntry", "US");
    Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    Line Deleted : user_pref("extensions.delta.dfltSrch", false);
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.hdrMd5", "CE0F02EC4E1BC53293436DF11D6DBD5B");
    Line Deleted : user_pref("extensions.delta.hmpg", false);
    Line Deleted : user_pref("extensions.delta.id", "d89d389100000000000090e6baec9750");
    Line Deleted : user_pref("extensions.delta.instlDay", "15748");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.lastVrsnTs", "");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.sg", "azb");
    Line Deleted : user_pref("extensions.delta.smplGrp", "azb");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.016:13:58");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
    Line Deleted : user_pref("extensions.enabledAddons", "addon%40freecorder.com:7.0.0.13,crossriderapp4479%40crossrider.com:0.91.97,ffxtlbr%40babylon.com:1.5.0,ffxtlbr%40delta.com:1.5.0,ffxtlbr%40funmoods.com:1.5.1,plu[...]
    Line Deleted : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc7/ui/buttons/menu_header-ltyt.png\",\"width\":225,\"height\":65},{\[...]
    Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
    Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
    Line Deleted : user_pref("extensions.funmoods.cntry", "US");
    Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
    Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
    Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
    Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
    Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
    Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
    Line Deleted : user_pref("extensions.funmoods.hdrMd5", "3C65DC9966DB4D5649967FE400E8420D");
    Line Deleted : user_pref("extensions.funmoods.hmpg", false);
    Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043[...]
    Line Deleted : user_pref("extensions.funmoods.id", "90E6BAEC97503891");
    Line Deleted : user_pref("extensions.funmoods.instlDay", "15556");
    Line Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
    Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:34:13");
    Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Line Deleted : user_pref("extensions.funmoods.newTab", false);
    Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=7541550[...]
    Line Deleted : user_pref("extensions.funmoods.pnu_base", "{\"lastVrsn\":\"245\",\"newVrsn\":\"245\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"lstMsgTs\":0,\"msgTs\":0,\"vrsnLoad\":\"\"}");
    Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
    Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Line Deleted : user_pref("extensions.funmoods.sg", "none");
    Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
    Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
    Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=75415[...]
    Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:34:13");
    Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
    Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
    Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:34:13");
    Line Deleted : user_pref("extensions.kango.storage.m2_k1", "0");
    Line Deleted : user_pref("extensions.kango.storage.m2_k2", "0");
    Line Deleted : user_pref("extensions.kango.storage.m2_k3", "0");
    Line Deleted : user_pref("extensions.kango.storage.m2_k4", "0");
    Line Deleted : user_pref("extensions.kango.storage.m2_k5", "1382719333325");
    Line Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Apps Hat\",\"description\":\"Apps Hat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%af[...]
    Line Deleted : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
    Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
    Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,buzzdock,YontooNewOffers");
    Line Deleted : user_pref("extentions.y2layers.installId", "0ce607e2-b2ae-4cdb-b8dc-643589254ef9");

    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : icon_url

    [ File : C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Grandma Di-Di\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [118302 octets] - [27/10/2013 20:44:26]
    AdwCleaner[S0].txt - [119097 octets] - [27/10/2013 20:55:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [119159 octets] ##########
     
  21. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:3)
    OS: Windows 7 Home Premium x64
    Ran by Eli on Sun 10/27/2013 at 21:01:53.15
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] hshld
    Successfully deleted: [Service] hshld
    Successfully stopped: [Service] hsstrayservice
    Successfully deleted: [Service] hsstrayservice
    Successfully stopped: [Service] hsswd
    Successfully deleted: [Service] hsswd



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\SweetIM
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F0634EF2-6B25-4D60-9F4C-122C129B4BCA}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
    Successfully deleted: [Folder] "C:\Users\Eli\AppData\Roaming\hotspot shield"
    Successfully deleted: [Folder] "C:\Users\Eli\appdata\local\appshat mobile apps"
    Successfully deleted: [Folder] "C:\Users\Eli\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Eli\appdata\local\webplayer"
    Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"
    Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [Folder] C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\jm0lgp1m.default\extensions\addon@freecorder.com
    Successfully deleted the following from C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\jm0lgp1m.default\prefs.js

    user_pref("extensions.defaulttab.installdate", 1382717374);
    user_pref("extensions.defaulttab.useNewTabWhiteList", false);
    user_pref("settings.premium.greatarcadehits.cl_addonData", "hxxp://tt.greatarcadehits.com/cljs?options=YTMyMDU4NDIyODX885koe7L2XzS%2FoccbNPysp%2BfIdqTUi7CKWBBE8wx1F69LoY42Z8SZ
    Emptied folder: C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\jm0lgp1m.default\minidumps [14 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
    Successfully deleted: [Folder] C:\Users\Eli\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 10/27/2013 at 21:10:03.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  22. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    OTL logfile created on: 10/27/2013 21:20:00 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eli\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 63.97% Memory free
    11.50 Gb Paging File | 8.95 Gb Available in Paging File | 77.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.07 Gb Total Space | 367.32 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
    Drive D: | 12.00 Gb Total Space | 2.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS

    Computer Name: BUNDLEOFJOY | User Name: Eli | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/27 21:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eli\Downloads\OTL.exe
    PRC - [2013/10/26 17:14:12 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
    PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2013/10/08 22:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/10/01 08:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    PRC - [2013/10/01 08:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    PRC - [2013/09/25 19:58:06 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    PRC - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
    PRC - [2013/07/03 17:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    PRC - [2013/07/03 17:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe
    PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/01/12 16:47:38 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/07/19 14:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
    PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
    PRC - [2006/12/22 12:45:00 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE
    PRC - [2005/07/15 16:38:33 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\MioNet\MioNetManager.exe
    PRC - [2005/07/12 20:57:42 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe
    PRC - [2004/06/04 00:09:14 | 000,045,161 | ---- | M] () -- C:\Program Files (x86)\MioNet\jvm\bin\MioNet.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/09 17:01:22 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
    MOD - [2013/10/09 17:00:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
    MOD - [2013/10/09 17:00:40 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
    MOD - [2013/10/09 17:00:29 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
    MOD - [2013/10/09 17:00:22 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
    MOD - [2013/10/08 22:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2013/09/10 18:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2013/08/21 18:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
    MOD - [2013/08/20 03:37:09 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
    MOD - [2013/08/20 03:30:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/20 03:29:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
    MOD - [2013/08/20 03:29:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/20 03:29:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/20 03:28:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/10 10:48:48 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
    MOD - [2013/07/10 10:47:58 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll
    MOD - [2013/07/10 10:47:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2013/01/12 16:47:38 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    MOD - [2012/02/14 19:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Eli\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    MOD - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    MOD - [2005/07/12 20:57:42 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 14:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2013/10/25 12:39:01 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/10/09 08:05:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/07/03 17:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/01/07 16:10:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2005/07/15 16:38:33 | 000,139,264 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\MioNet\MioNetManager.exe -- (MioNet)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/17 16:33:40 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
    DRV:64bit: - [2013/09/17 16:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
    DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/13 14:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/07/14 18:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
    DRV:64bit: - [2011/03/24 15:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
    DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
    DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
    DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV:64bit: - [2010/01/07 16:07:33 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 06:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/19 12:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2006/12/22 12:46:28 | 000,432,512 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/05/16 19:03:44 | 000,015,340 | R--- | M] (NT Kernel Resources) [Kernel | Boot | Unknown] -- C:\Windows\SysWow64\drivers\ndisrd.sys -- (NDISRD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{1235B3BB-2B63-4F90-BA16-37F536739926}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{BFE680F5-69D4-4A76-A974-C15503F8F00B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{1235B3BB-2B63-4F90-BA16-37F536739926}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{BFE680F5-69D4-4A76-A974-C15503F8F00B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\{17013DA4-ABD2-4D5B-828B-2EC71CAFD2B4}: "URL" = http://www.bing.com/search?FORM=U040DF&PC=U040&dt=080113&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS374
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\{D75FC124-029F-42CD-8D92-6F11294ECB91}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\580C66D222804DCD96942DB765DD2B93: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555

    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=en_US&c=94&bd=bestbuy&pf=cndt
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
    IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\..\SearchScopes,DefaultScope =
     
  23. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Eli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/25 12:39:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/27 20:55:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Eli\AppData\Local\GreatArcadeHits\gahff.xpi
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/25 12:39:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/27 20:55:30 | 000,000,000 | ---D | M]

    [2012/05/31 10:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Extensions
    [2013/10/27 21:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions
    [2013/02/12 17:13:29 | 000,000,000 | ---D | M] (GetSavin) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\getsavin@jetpack
    [2013/03/17 16:08:55 | 000,000,000 | ---D | M] (Web Backup Drop Pad) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\Strongvault@Strongvault.com
    [2013/10/25 12:41:57 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
    [2013/10/25 12:27:06 | 000,348,414 | ---- | M] () (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
    [2013/10/25 10:39:22 | 000,003,746 | ---- | M] () -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\safeguard-secure-search.xml
    [2013/07/31 09:17:44 | 000,000,915 | ---- | M] () -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\yahoo.xml
    [2013/10/25 12:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/10/25 12:38:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/10/25 12:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/10/25 12:38:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/10/25 12:39:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/10/25 12:38:30 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
    File not found (No name found) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\17.0.0.12
    File not found (No name found) -- C:\USERS\ELI\APPDATA\LOCAL\GREATARCADEHITS\GAHFF.XPI
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\{97A78363-B868-4B48-AC91-A783A31215AF}
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\ADDON@FREECORDER.COM
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\CROSSRIDERAPP4479@CROSSRIDER.COM
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
    File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\TIDYNETWORK@TIDYNETWORK
    [2012/09/15 20:32:26 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2013/10/25 10:37:25 | 000,003,746 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Docs = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
    CHR - Extension: Google Drive = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
    CHR - Extension: Adblock Plus = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
    CHR - Extension: Google Search = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
    CHR - Extension: Night Time In New York City = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_1\
    CHR - Extension: Quick Note = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0\
    CHR - Extension: Gmail = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/10/27 18:20:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5F815AD7-A955-4943-91C4-7A96C2932399} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.exe (BIGDOG)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Akamai NetSession Interface] C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Facebook Update] C:\Users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [uTorrent] C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/10/22 16:26:31 | 000,018,132 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/27 21:01:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/10/27 20:44:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/27 18:22:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/10/27 18:22:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/10/27 18:02:27 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/10/27 17:59:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/10/27 17:59:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/10/27 17:59:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/10/27 17:59:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/10/27 17:58:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/10/27 12:12:24 | 000,000,000 | ---D | C] -- C:\Users\Eli\Desktop\Broni
    [2013/10/27 11:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/10/27 11:29:26 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013/10/27 11:21:45 | 000,000,000 | ---D | C] -- C:\Windows\snack
    [2013/10/26 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Eli\Desktop\English Papers
    [2013/10/26 22:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/10/26 22:30:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/10/26 22:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/10/25 12:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/10/25 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Eli\Documents\League of Legends
    [2013/10/25 10:32:41 | 000,000,000 | ---D | C] -- C:\Users\Eli\Documents\Jobs
    [2013/10/21 20:45:26 | 000,000,000 | ---D | C] -- C:\321403204fe272438589fd
    [2013/10/20 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
    [2013/10/20 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Eli\AppData\Roaming\SanDisk
    [2013/10/19 20:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    [2013/10/19 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
    [2013/10/19 20:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
    [2013/10/19 17:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/10/19 17:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/10/19 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/10/16 08:03:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
    [2013/10/15 21:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
    [2013/10/15 21:27:31 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
    [2013/10/14 17:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2013/10/14 17:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
    [2013/10/13 18:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalReaders
    [2013/10/13 18:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalSoft
    [2013/10/06 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
    [2013/10/06 18:48:33 | 000,000,000 | ---D | C] -- C:\Users\Eli\AppData\Roaming\GRETECH
    [2013/10/06 18:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
    [2013/10/05 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Eli\exoriacache
    [2013/10/04 21:57:34 | 000,000,000 | ---D | C] -- C:\Users\Eli\Documents\Scratch Projects
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/27 21:05:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/27 21:05:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/27 21:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/10/27 20:57:38 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/27 20:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/27 20:57:10 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/27 20:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/27 19:50:07 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008UA.job
    [2013/10/27 19:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008Core.job
    [2013/10/27 18:20:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/10/27 11:29:26 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013/10/27 11:19:38 | 000,000,024 | ---- | M] () -- C:\Users\Eli\random.dat
    [2013/10/27 11:13:31 | 000,000,040 | ---- | M] () -- C:\Users\Eli\exoria_cl_exoria_LIVE.dat
    [2013/10/26 22:30:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/26 17:13:17 | 000,000,258 | RHS- | M] () -- C:\Users\Eli\ntuser.pol
    [2013/10/25 10:24:20 | 000,000,798 | ---- | M] () -- C:\Windows\unins000.dat
    [2013/10/25 10:24:16 | 000,640,957 | ---- | M] () -- C:\Windows\unins000.exe
    [2013/10/24 15:21:39 | 000,000,032 | ---- | M] () -- C:\Users\Eli\jagex_cl_runescape_LIVE.dat
    [2013/10/22 20:15:10 | 000,000,219 | ---- | M] () -- C:\Users\Eli\Desktop\Dota 2.url
    [2013/10/22 16:27:39 | 000,001,337 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
    [2013/10/20 21:22:22 | 021,321,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/10/20 21:22:22 | 007,230,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/10/20 21:22:22 | 000,006,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/10/19 21:37:40 | 000,000,023 | ---- | M] () -- C:\Users\Eli\jagexappletviewer.preferences
    [2013/10/19 20:07:35 | 000,006,656 | ---- | M] () -- C:\Users\Eli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/15 21:29:21 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
    [2013/10/15 16:52:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/10/10 06:35:49 | 000,453,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/10/09 17:46:47 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/10/06 18:48:44 | 000,001,215 | ---- | M] () -- C:\Users\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/10/06 18:48:43 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/27 17:59:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/10/27 17:59:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/10/27 17:59:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/10/27 17:59:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/10/27 17:59:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/10/27 11:21:45 | 000,198,656 | ---- | C] () -- C:\Windows\SysNative\drivers\WUDFRd.sys.dump
    [2013/10/26 22:30:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/10/25 10:37:48 | 000,000,258 | RHS- | C] () -- C:\Users\Eli\ntuser.pol
    [2013/10/25 10:24:20 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
    [2013/10/25 10:24:20 | 000,237,568 | ---- | C] () -- C:\Windows\Matrix Code Emulator.scr
    [2013/10/25 10:24:20 | 000,000,798 | ---- | C] () -- C:\Windows\unins000.dat
    [2013/10/22 20:15:10 | 000,000,219 | ---- | C] () -- C:\Users\Eli\Desktop\Dota 2.url
    [2013/10/22 16:27:39 | 000,001,337 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
    [2013/10/15 21:29:21 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
    [2013/10/14 17:04:25 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
    [2013/10/14 17:04:24 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
    [2013/10/09 17:46:47 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    [2013/10/09 17:46:47 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/10/06 18:48:44 | 000,001,215 | ---- | C] () -- C:\Users\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/10/06 18:48:43 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
    [2013/10/05 19:10:54 | 000,000,040 | ---- | C] () -- C:\Users\Eli\exoria_cl_exoria_LIVE.dat
    [2013/05/06 18:00:24 | 000,034,816 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\RZR_0070b1b840a08e750a5517a2ed2c.db
    [2013/02/22 13:56:34 | 000,000,042 | ---- | C] () -- C:\Users\Eli\jagex_cl_oldschool_LIVE.dat
    [2013/02/12 17:17:10 | 000,004,510 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\CamStudio.cfg
    [2013/02/12 17:17:10 | 000,000,408 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\CamShapes.ini
    [2013/02/12 17:17:10 | 000,000,408 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\CamLayout.ini
    [2013/02/12 17:17:10 | 000,000,046 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\Camdata.ini
    [2013/01/07 17:36:38 | 000,000,288 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\.backup.dm
    [2012/11/19 17:50:50 | 000,000,044 | ---- | C] () -- C:\Users\Eli\jagex_cl_loginapplet_LIVE.dat
    [2012/10/04 19:26:48 | 000,006,656 | ---- | C] () -- C:\Users\Eli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/29 12:35:53 | 000,000,047 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE_BETA.dat
    [2012/06/29 12:35:53 | 000,000,024 | ---- | C] () -- C:\Users\Eli\random.dat
    [2012/06/12 10:25:39 | 000,000,023 | ---- | C] () -- C:\Users\Eli\jagexappletviewer.preferences
    [2012/06/10 23:00:15 | 000,000,043 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE3.dat
    [2012/06/08 21:43:42 | 000,000,043 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE2.dat
    [2012/05/31 23:34:26 | 000,000,043 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE1.dat
    [2012/05/31 13:00:35 | 000,000,032 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE.dat
    [2012/03/26 19:15:55 | 000,006,676 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/03/20 14:18:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2010/01/05 21:12:18 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\acccore
    [2010/05/18 15:52:25 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\Deusty
    [2013/08/02 12:43:06 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\LolClient
    [2011/01/08 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\NetAssistant
    [2009/12/24 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\PictureMover
    [2013/02/21 11:46:26 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\TeamViewer
    [2009/12/24 03:23:34 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\Template
    [2009/12/24 12:31:26 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\WildTangent
    [2010/05/27 10:00:58 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\WinBatch
    [2013/10/08 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\.minecraft
    [2012/09/10 17:57:17 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\acccore
    [2013/04/12 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Armagetron
    [2013/05/27 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Azureus
    [2012/08/04 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
    [2013/01/05 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\fltk.org
    [2013/02/28 22:39:42 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\ftblauncher
    [2013/02/12 22:34:00 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\LogSys
    [2013/01/31 08:01:36 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\LolClient
    [2013/05/11 23:54:28 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\MAXON
    [2013/05/06 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\MonoDevelop-Unity-2.8
    [2013/05/27 15:34:36 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Nico Mak Computing
    [2013/10/24 23:24:34 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\OBS
    [2013/07/22 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Oracle
    [2013/09/06 20:31:54 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Riot Games
    [2013/03/03 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Rylstim Screen Recorder
    [2013/10/20 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\SanDisk
    [2013/01/07 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\SanDisk SecureAccess
    [2012/09/14 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Screaming Bee
    [2013/05/06 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\stetic
    [2013/03/17 20:41:40 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\TeamViewer
    [2012/10/04 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\TechSmith
    [2013/05/06 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Unity
    [2013/10/27 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\uTorrent
    [2010/01/15 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\acccore
    [2010/01/08 12:24:54 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\PictureMover
    [2013/04/14 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\TeamViewer
    [2010/01/11 23:28:31 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\Template
    [2012/01/01 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\WildTangent
    [2010/05/05 21:23:39 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\WinBatch
    [2013/01/06 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\.minecraft
    [2009/12/25 22:07:37 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\acccore
    [2010/10/10 00:32:27 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\Deusty
    [2013/07/30 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\LolClient
    [2009/12/25 21:58:10 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\PictureMover
    [2013/02/19 23:15:16 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\TeamViewer
    [2010/01/04 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\Template
    [2010/05/30 17:59:53 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\WildTangent
    [2010/01/06 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\WinBatch
    [2012/09/07 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\.minecraft
    [2009/12/24 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\acccore
    [2010/07/21 00:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\GARMIN
    [2009/12/24 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\PictureMover
    [2009/12/28 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\Template
    [2012/05/16 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\TS3Client
    [2010/12/21 11:15:16 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\WildTangent
    [2010/01/04 20:00:49 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\WinBatch
    [2012/05/26 08:55:16 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\.minecraft
    [2010/05/03 15:28:28 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\acccore
    [2011/11/14 19:54:08 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2009/12/31 10:25:06 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\PictureMover
    [2010/01/10 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\Template
    [2012/01/02 12:00:34 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\WildTangent
    [2010/05/12 19:19:18 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    < End of report >
     
  24. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    OTL Extras logfile created on: 10/27/2013 21:20:00 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eli\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 63.97% Memory free
    11.50 Gb Paging File | 8.95 Gb Available in Paging File | 77.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 584.07 Gb Total Space | 367.32 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
    Drive D: | 12.00 Gb Total Space | 2.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS

    Computer Name: BUNDLEOFJOY | User Name: Eli | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{017C5380-36FA-4862-8075-84219DD9EBB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{048FDBB5-E313-45E0-89DF-F7ED7F244291}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{0854B639-76E2-448C-9A89-8A6DCB7ABBB2}" = lport=1641 | protocol=6 | dir=in | name=mionet remote drive verification |
    "{2F6E8BF8-1B8A-4773-8909-A4F9E908210A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3DA4E1EF-F9AB-482C-B9B3-E23B8E12C267}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4E6BFF08-A4C9-4038-AE7D-AC71E129C164}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4F10C8F1-4680-4BBB-89E4-BDED390481CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{595C750D-A44E-4E06-AF83-B5342DDE4280}" = rport=445 | protocol=6 | dir=out | app=system |
    "{606E11C8-6B19-4556-952D-747D76E81E0B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6B323F27-C864-40B7-8EB7-02F2D94BF712}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6C8B8C05-7CA4-4BA6-A066-FD928847C6F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6EBA2F6F-6ADC-494F-BE69-7875346184F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8056738B-3AD2-4FC4-B8C2-36DAE29F15F3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{87CFCD82-FEC2-4BD5-AD80-B7D0D365930F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{91378E59-C69F-45F7-9618-74B7F106520D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{944CCF6B-539A-47B3-B18D-DA823AFE92B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{998903B7-504C-4316-8440-4AE113C3772C}" = lport=1700 | protocol=6 | dir=in | name=mionet remote drive access |
    "{A3B0231D-CF7C-44ED-94E9-35A08AD88B24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF9513C1-A926-4972-A670-3C44B7605B1D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BEF31935-4006-41C0-8258-48BD4A55ACC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CD022D9E-AC3D-421B-9430-7B4916859AFC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D0899E79-7FD2-4F70-8FA6-C926026117C8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D487654D-6DD2-4DC4-B37B-2398FC621193}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DF324B48-EC81-4099-A289-F786AF898318}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F0E5BA39-8FC0-407F-A60C-B530655CE3EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F5343616-D8B1-4652-B70B-271026645722}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FFCC8058-44BF-45F2-AD35-30C9B4D200A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{050E09D6-53F7-4752-B904-55C67B972DF1}" = protocol=17 | dir=in | app=c:\users\eli\appdata\roaming\utorrent\utorrent.exe |
    "{06F1634B-371F-4900-BE1C-AA3C151C36F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{072A1C14-D3D6-4A15-BD05-1A0167C7EBCA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{0AD0E2E7-3514-4E01-9826-FB72D12D5582}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0B6C1B97-29F9-4C17-A9B0-C64775683006}" = protocol=6 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
    "{0E3125EB-F9C7-4FD5-8D72-98E97BA1837C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{10F87007-0F28-45AE-B11E-2697F8F4FA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
    "{16C7C5AD-9A66-4494-A6D2-7671B84BB830}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{194C54B6-7183-4941-A806-184C7529454C}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{1A3B0F1B-079D-456B-B804-EFA4155CAC36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{1BD0F490-430B-4F2A-BFF5-E8C06131C81D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
    "{22454D06-D0DA-442F-8B79-A2517310E3A1}" = protocol=6 | dir=in | app=c:\users\eli\appdata\roaming\utorrent\utorrent.exe |
    "{23F1CB8B-6609-4F1F-B5FC-24A431012706}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2BA7BE62-2746-419B-853A-549D60F399BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{2D99C7EB-788C-4D1A-A498-E1B9AB3279A2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{2EA9E53D-3507-4D54-9825-9723C62D09BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
    "{332F27B5-056C-43B8-A1C5-C6B55253BB09}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{347A5211-6F4C-411E-9067-B89801857288}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{357EA1B7-B059-4336-95F8-D4200184A2CB}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
    "{37431D5E-26AC-4C2B-995C-6C6E84A660F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
    "{39A65EF9-4308-4DDD-95AF-7EC69FEB802F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{3C1D4F39-295D-4826-A366-6F423A99563F}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
    "{44C01921-B7F0-4672-B6FC-1A6003C6224B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{47B568A3-380A-4CB8-AE5B-EBDCDEB36F72}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4A253D14-4DD4-4D0F-B41A-DDA22DABB34C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{4B5C78E2-959B-46E3-8D74-E2BDB8FA6570}" = protocol=6 | dir=out | app=system |
    "{4C1ABD67-8CC1-46A0-8FB1-46105A6F6A91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{4E1FDABC-D3CD-426C-A16F-4CB9534BF62E}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{5181F7DE-5F6F-46D2-A38F-AA63DB94CB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
    "{5A21449A-9ECD-42BE-9F7A-79ADC558E907}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5B82CB9C-8EBE-4505-A042-0C418A24E2B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\launcher.exe |
    "{5C50676E-569A-46DF-9495-A9DDFD2A7013}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{604DA2FB-BB5C-4508-B344-9D3D77923EB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{618CC154-AAB0-4186-B244-4BB9EBA68D53}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
    "{624D1A63-BABC-4402-BD2A-DCC9DBB2BB20}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{67AF9431-6C04-494D-8EA4-3110E156140E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{68175F1A-ECB6-4FBF-BA0C-952ECC8C9990}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{6ACE80BE-72ED-4DF7-8E8D-B1CA5BD2DE77}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{6D256FC0-CD7C-453C-A7A5-1E0D45740BC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{73103B2D-EA2E-4037-B9F9-AA2E9203D38A}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{73540F21-4D91-4C96-AED1-C2E82C751C62}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{746F7327-DECA-4777-B76E-A282DF9787D9}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{8157B522-6D61-4573-8CE1-35EE35B1ECA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8182104F-32A8-43A8-9DA5-F7A5386083A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{862AFB70-51E0-4527-A271-8089B56E8C4F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{8BE37FAE-56F8-40DA-89DA-3807EF2A94CE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8BFA6AC3-F803-4639-A589-CB6C78064D4F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{8CAE016E-5CF5-467D-8F5D-73A21B82905B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8CEA4AEB-758D-4995-BECF-E4427A15FB2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8E080CF5-5EAE-4213-B4D4-ADF31C764573}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{8FF826D8-61AA-4938-9796-166B111755FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{904BC22B-5D32-4099-A21A-A6C71CC174D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\aamfp.exe |
    "{91E60895-D32E-4FE6-888C-509F75A5F7F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9218C921-DAAE-4582-86C0-4163F8EC6D64}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A3FCE395-38DB-4A29-A9DF-740B8AD6BD55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{A46977CF-9B6F-441B-A0FD-CFEF7B473B78}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{A92C0769-CFDC-4D64-AFD5-D1D886C5AF92}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{AAE0048F-4446-4AED-9153-3B640F3A7BE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B06F8293-1321-4CEB-92E5-8C392AA882BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{B20FDF14-259A-44FA-928D-EAD3FEEAB9D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{B4415507-666B-4A3D-8CFC-170EFF83D875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{B494439A-9BEB-48F6-A087-719F9958E38C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{B8984FDB-AAAC-43D2-A120-B575CCE162A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\aamfp.exe |
    "{BA2BEE6F-E326-4D09-AABC-BD011D6FE587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{BCAB4D33-AEC3-441D-B390-59111134F2BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BE5095F0-BA24-47B7-80C0-32296509ECE4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BF42186E-FDE8-446C-8874-5907F609AAFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C0B51E5A-AC85-4249-B43A-2E4B4083B638}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{C14F40E2-0211-4FC3-A025-239DAD448ACF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C2EADB2B-F182-4706-905D-7B6082ED6A23}" = dir=in | app=c:\users\eli\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{C4A2B833-6482-4B83-BA56-98555DDEC37C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
    "{CE4C27A3-2B4D-456F-9815-16CCF95DB193}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{D7EAD038-DA07-4098-A461-C6C2514AFBD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{DC5F1B77-0E02-4360-9896-C7AE6F55EFA4}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
    "{DD43D10B-6AE5-4D5B-AD52-4EDB05D552A2}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "{DE6F8282-7B09-49E5-8632-D91EA359CB7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E754873C-3B45-418C-9129-A5DA6AC23A57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\launcher.exe |
    "{E7DECE07-327D-48EB-AE3B-FD30E6B9870B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EA0A3A4E-2E3E-455F-8C6B-F661C633288F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EB1C04C7-9B3A-4A67-A3E5-66DCCE9F3192}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{EEC113AF-2498-4253-A66E-443C7D373A89}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{F8578D2E-3E80-4FE2-8C82-938A26553736}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "{FF2ECD1E-BD42-44DB-AB73-C61F5480EB99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{FF2FA4EB-3150-415A-978B-91723EBA63AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{1F6C2BD1-B454-4243-8B1C-35AA261407F8}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{22538201-C260-40D4-AD9B-55514EDA967D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{24068793-CE32-4E2D-9D62-F29A9C0D41B7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "TCP Query User{2D8668C9-663C-4450-A794-FE4E60E30499}C:\program files (x86)\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
    "TCP Query User{45D250A5-7E52-4348-A4F2-599FC19A6BA9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{69A2709D-6178-4976-A627-796FF17B4F76}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "TCP Query User{6B1442A5-1451-46F1-8B9A-9FAE8D4975B0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "TCP Query User{7569EA93-3A28-45EB-986B-8F4929B7AB4F}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
    "TCP Query User{8A12BC26-4CEF-41A3-934D-5B2BDB817C07}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
     
  25. TheDreams

    TheDreams TS Booster Topic Starter Posts: 551   +46

    "TCP Query User{97245264-CEA7-41ED-9D42-48BF3F62FCAB}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
    "TCP Query User{B62D02EE-7621-42FF-80C5-3E8ECCF0D857}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
    "TCP Query User{B814E2DA-F942-4E3B-BAE3-9F680753C321}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "TCP Query User{DD208215-4618-4D8F-AA75-E188DB2FDCA7}C:\users\eli\google drive\utorrent download(s)\utorrent.exe" = protocol=6 | dir=in | app=c:\users\eli\google drive\utorrent download(s)\utorrent.exe |
    "TCP Query User{E1B03B37-1DDC-4400-9CCE-F617CCF61D13}C:\users\eli\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\eli\desktop\utorrent.exe |
    "TCP Query User{F71D6C40-3704-4BA3-B6C6-42C3E379B48A}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{FBD856BA-0F0E-44D7-88BF-41268634DDA8}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
    "UDP Query User{206935D1-FAC3-4CB8-AF79-9E4A34FE9C81}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
    "UDP Query User{270DD85C-A8D3-43FD-AC83-9FE1EF7CA33B}C:\program files (x86)\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
    "UDP Query User{2B460557-0BB6-4D5A-B3AE-E86348B882EA}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{413AEC22-361D-42F9-8748-04BAD27CF73E}C:\users\eli\google drive\utorrent download(s)\utorrent.exe" = protocol=17 | dir=in | app=c:\users\eli\google drive\utorrent download(s)\utorrent.exe |
    "UDP Query User{447D410F-F8B1-4486-8A20-AB094AB2FE8A}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
    "UDP Query User{60078C13-CE78-46BD-B104-576697A7A698}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{6A3B03D4-8869-4950-A18E-31572202D8E0}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
    "UDP Query User{6DD372D7-3C77-4DD1-B842-F98D606E7F6E}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
    "UDP Query User{7C7DD84F-83BE-48FA-9A99-AD199E393CE8}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
    "UDP Query User{9533A1B1-5AAB-43D3-AE67-F8548576963A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{A57E96F0-34A6-4CE9-ADB9-1D53AA6F9199}C:\users\eli\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\eli\desktop\utorrent.exe |
    "UDP Query User{C41D2473-A92B-461B-9123-308ADD66B862}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
    "UDP Query User{C6B00EB2-DB5D-46F4-BCDC-54413BDAA06C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
    "UDP Query User{CA3476C5-D394-44F6-90F7-F2B08BCB485E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{D0E23271-0017-4461-9584-FA1B86C38796}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{DC974569-D317-4140-8901-B180697574CC}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "PerformanceTest 8_is1" = PerformanceTest v8.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0214578F-4888-43FB-9E34-C14FCFDEDDEB}" = Razer Nostromo
    "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
    "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
    "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
    "{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
    "{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
    "{269A4095-DB55-4D35-8FD0-39957D26BEEC}" = Philips VLounge
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
    "{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
    "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
    "{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
    "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
    "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
    "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DD521EA9-7D08-403D-A830-38ECD1F76C38}" = MOVband SYNC
    "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
    "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}" = Philips SPC 300NC PC Camera
    "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
    "{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{F7616580-DB3E-46e1-ADC9-B83DFE059D5A}" = Advanced ID Creator
    "{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "AC3Filter_is1" = AC3Filter 2.5b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "AIM Toolbar" = AOL Messaging Toolbar
    "AIM_7" = AIM 7
    "Armagetron Advanced" = Armagetron Advanced 0.2.8.3.2
    "AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
    "Blend_4.0.20525.0" = Microsoft Expression Blend 4
    "Bucksbee Loyalty Plugin 100815.b for Chrome" = Bucksbee Loyalty Plugin 100815.b for Chrome
    "CINEMA 4D R14" = CINEMA 4D R14
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "DealCabby" = DealCabby
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "Free RAR Extract Frog" = Free RAR Extract Frog
    "GetSavin" = GetSavin
    "GOM Player" = GOM Player
    "Google Chrome" = Google Chrome
    "Homepage Protection" = Homepage Protection
    "HotspotShield" = Hotspot Shield 3.17
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "League of Legends 3.0.0" = League of Legends
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
    "MioNet" = MioNet
    "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Open Broadcaster Software" = Open Broadcaster Software
    "OpenAL" = OpenAL
    "Razer Game Booster_is1" = Razer Game Booster
    "Scratch" = Scratch
    "SIPPS!UninstallKey" = SIPPS
    "Steam App 4000" = Garry's Mod
    "Steam App 570" = Dota 2
    "Steam App 57300" = Amnesia: The Dark Descent
    "Steam App 620" = Portal 2
    "TeamViewer 8" = TeamViewer 8
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "WildTangent hp Master Uninstall" = HP Games
    "WinGimp-2.0_is1" = GIMP 2.6.7
    "WinLiveSuite" = Windows Live Essentials
    "XviD Video Codec" = XviD Video Codec (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "Akamai" = Akamai NetSession Interface
    "Audio Converter" = Audio Converter
    "Half-Life 2" = Half-Life 2
    "Search Protection" = Search Protection
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Hewlett-Packard Events ]
    Error - 7/14/2010 17:09:50 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/14/2010 17:09:51 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/21/2010 17:04:34 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/21/2010 17:04:34 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/21/2010 17:05:44 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/23/2010 22:11:29 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 7/23/2010 22:11:30 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 8/5/2010 10:29:20 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 8/5/2010 10:29:21 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)

    Error - 8/5/2010 11:00:20 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
    Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
    msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
    mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

    at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
    A_0, EventArgs A_1)


    < End of report >
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.