Solved Trojan Dropper:Win32 Infection

TheDreams

Posts: 670   +87
I accidently download a virus and made a post about it here I scanned my computer with Microsoft security essentials and removed some items, but it seems that some needed quarantined. So I was wondering(idk about virus's/malware etc.,) could you see if I am still infected?
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Eli :: BUNDLEOFJOY [administrator]

Protection: Enabled

10/26/2013 22:33:47
MBAM-log-2013-10-26 (23-12-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403739
Time elapsed: 33 minute(s), 49 second(s)

Memory Processes Detected: 2
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 1096 -> No action taken.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> 3792 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 114
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C} (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\Interface\{06E50566-0AB7-431C-841D-62794727DAF9} (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> No action taken.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> No action taken.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> No action taken.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> No action taken.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> No action taken.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> No action taken.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> No action taken.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> No action taken.
HKCR\CLSID\{2A28729E-2280-4986-BDB4-EC2623EAFBA4} (PUP.FaceThemes) -> No action taken.
HKCR\TypeLib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> No action taken.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> No action taken.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> No action taken.
HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\CLSID\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\Interface\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7} (PUP.Optional.GreatArcadeHits.A) -> No action taken.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> No action taken.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps (PUP.Optional.Somoto.A) -> No action taken.
HKCR\CLSID\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36000689-5C50-48D3-AB43-880D31E5D58E} (Adware.DealCabby) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CrossriderApp0004479.BHO (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0004479.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0004479.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\CrossriderApp0004479.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> No action taken.
HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> No action taken.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\DELTA\DELTA\IESTRG (PUP.Optional.Delta.A) -> No action taken.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Delta\delta\Instl (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> No action taken.
HKLM\SOFTWARE\MINIBAR (PUP.Optional.MiniBar.A) -> No action taken.
HKCR\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> No action taken.
HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> No action taken.
HKCR\d (PUP.Optional.Delta.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> No action taken.
HKCR\CLSID\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{38779BCD-A3AA-49B1-A109-C31E6C5D701D} (PUP.Optional.Getsavin.A) -> No action taken.
HKCR\CLSID\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34740EF6-2684-4EC2-A143-16991A3194EE} (PUP.Optional.Getsavin.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{856AD396-519D-4C7A-BED6-6785F64924BC} (PUP.Optional.GreatArcadeHits.A) -> No action taken.

Registry Values Detected: 13
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: Delta Toolbar -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Data: -> No action taken.
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> No action taken.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data: -> No action taken.
HKCU\Software\Delta\delta\iestrg|tlbrsrchurl (PUP.Optional.Delta.A) -> Data: -> No action taken.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Z1N1J -> No action taken.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> No action taken.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> No action taken.
HKLM\SOFTWARE\Minibar|NoDns (PUP.Optional.MiniBar.A) -> Data: true -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 61
C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\icons (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\minibar (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\plugins (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\minibar (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\AppData\Local\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\getsavin\ie (PUP.Optional.Getsavin.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Eli\AppData\Roaming\OpenCandy\2C2F99FA19D944F3B8A691ACCFD60533 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.6.9.12 (PUP.Optional.BabylonToolbar.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3282137 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> No action taken.
 
Files Detected: 263
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Program Files (x86)\Minibar\Minibar.dll (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (PUP.Optional.Delta) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe (PUP.Optional.Delta) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CouponAlerts.exe (PUP.Optional.CrossRider) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\crt9D05.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\dp.exe (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\fft27A6.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ietB247.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\B4869C2E-BAB0-7891-8D2F-D2FCCE959897\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\is1108708961\DeltaTB.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\is357113909\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\wzd7eb\temp\2013811232282027214068\bundleapp.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\Abraham\Downloads\rs2network_10484(2).exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Abraham\Downloads\rs2network_10484(3).exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Abraham\Downloads\rs2network_10484.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Eli\Downloads\FlashPlayer_V.121771337.exe (PUP.FakeFlash.Domaiq) -> No action taken.
C:\Users\Eli\Downloads\FLV_Runner_B.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\Downloads\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Eli\Downloads\Man_of_Steel_2013_1080p_BrRip_x264_YIFY.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Eli\Downloads\Setup (1).exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Eli\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Users\Jed\Downloads\epicbot_520.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Users\Eli\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits\Uninstall GreatArcadeHits.lnk (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Windows\Tasks\GreatArcadeHits.job (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\dealcabby\ie\dealcabby_20120914044001.dll (Adware.DealCabby) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\dealcabby\ie\dealcabby_20120914044001.dll (Adware.DealCabby) -> No action taken.
C:\Users\Eli\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\Delta\delta.crx (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\DefaultTab.crx (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Program Files (x86)\DefaultTab\uid (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.
C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\minibar.crx (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome.crx (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome.pem (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome_installer.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\common.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox_installer.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\ie_installer.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\minibar.xpi (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\SettingsHelper.exe (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\Uninstall.exe (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\update_chrome.xml (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\background.html (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\cached_http_request.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\extension_info.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\initial_config.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\main.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\manifest.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\MinibarPlugin.dll (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\popup.html (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\popup.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\tab.html (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\tab.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon128.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon19.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon32.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\icons\icon48.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_kango.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_menu.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_pageutils.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_popup.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\includes\content_userscript.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\browser.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\console.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\event_listener.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\initialize.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\io.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\jsonstorage.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\kango.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\lang.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\userscript_engine.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango\xhr.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui\button.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui\toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\kango-ui\ui.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\actions.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\cachedxhr.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\config.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\macros.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\chrome\minibar\minibar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome.manifest (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\install.rdf (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\content.xul (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\extension_info.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\initial_config.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\main.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\console.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\io.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar_stub.html (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\initial_config.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\config.xml (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\extension_info.json (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\main.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons\icon128.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons\icon16.ico (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons\icon19.ico (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons\icon19.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons\icon32.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\icons\icon48.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\browser.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\console.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\event_listener.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\initialize.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\io.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\json.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\jsonstorage.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\kango.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\lang.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\md5.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\messaging.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\storage.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\userscript_engine.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\utils.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango\xhr.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\commandbar_button.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\toolbar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\toolbar_stub.html (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\ui.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\bottom-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\middle-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\middle-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-bottom.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\tail-top.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-left.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-middle.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble\top-right.png (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\minibar\actions.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\minibar\cachedxhr.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\minibar\config.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\minibar\macros.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Program Files (x86)\Minibar\minibar\minibar.js (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\AppData\Local\TidyNetwork.com\sidTRUS01.tidy (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2ie.dll (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2networkTRUS01.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2update.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\Eli\AppData\Local\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Eli\AppData\Local\getsavin\ie\getsavin_1360599286.dll (PUP.Optional.Getsavin.A) -> No action taken.
C:\Users\Eli\AppData\Local\getsavin\ie\getsavin_1361127901.dll (PUP.Optional.Getsavin.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\OpenCandy\2C2F99FA19D944F3B8A691ACCFD60533\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Eli\AppData\Roaming\OpenCandy\2C2F99FA19D944F3B8A691ACCFD60533\AVG_Toolbar_CB_ALL_p3v5.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Roaming\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\CT3220468.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149\CT3244149.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\ct3244149\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3282137\CT3282137.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3282137\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3282137\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\Temp\CT3282137\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\application.ico (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\cookies.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\gahff.xpi (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\GAHUninstaller.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\GAHUpdate.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\Play Games online on GreatArcadeHits.com.url (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\premium.pem (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\Eli\AppData\Local\GreatArcadeHits\static.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
(end)

DDS Scan:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
Run by Eli at 23:20:14 on 2013-10-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.2535 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\MioNet\MioNetManager.exe
C:\Program Files (x86)\MioNet\jvm\bin\MioNet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe
C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\VM_STI.EXE
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.entru.com/?s=21983
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://search.entru.com/?s=21983
uProxyServer = hxxp=127.0.0.1:8555
uProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mWinlogon: Userinit = userinit.exe,
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: {5F815AD7-A955-4943-91C4-7A96C2932399} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Facebook Update] "C:\Users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] "C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SearchProtection] "C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [uTorrent] "C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [BigDogPath] C:\Windows\VM_STI.exe Philips SPC 200NC PC Camera
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Eli\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Eli\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRAYMI~1.LNK - C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4} : DHCPNameServer = 10.0.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
 
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Eli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Eli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\plugins\npMinibarPlugin.dll
FF - plugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\addon@freecorder.com\plugins\npFreeCoder.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-25 10:37; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12
FF - ExtSQL: 2013-10-25 10:37; addon@defaulttab.com; C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-10-25 12:27; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
FF - ExtSQL: 2013-10-25 12:38; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF - ExtSQL: 2013-10-25 12:41; jid1-F9UJ2thwoAm5gQ@jetpack; C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043&q=
FF - user.js: extensions.funmoods.id - 90E6BAEC97503891
FF - user.js: extensions.funmoods.instlDay - 15556
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:34:13
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d89d389100000000000090e6baec9750&q=
FF - user.js: extensions.BabylonToolbar.id - d89d389100000000000090e6baec9750
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15597
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:45:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120912_pcp_3712_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
FF - user.js: extentions.y2layers.installId - 0ce607e2-b2ae-4cdb-b8dc-643589254ef9
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,YontooNewOffers
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - d89d389100000000000090e6baec9750
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15748
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.016:13:58
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-7 52856]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-10-15 46792]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-9-17 878888]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-9-17 556840]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-26 701512]
R2 MioNet;MioNet Service;C:\Program Files (x86)\MioNet\MioNetManager.exe [2005-7-15 139264]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2013-10-22 106472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-9 5087584]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-26 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-9-17 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-7-23 25704]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-6 1255736]
.
=============== Created Last 30 ================
.
2013-10-27 03:15:3175888----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F1CFD-F34C-4112-A814-599BCFA53DD2}\offreg.dll
2013-10-27 02:30:3825928----a-w-C:\Windows\System32\drivers\mbam.sys
2013-10-27 02:30:38--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-27 01:22:1210280728----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B1F1CFD-F34C-4112-A814-599BCFA53DD2}\mpengine.dll
2013-10-26 21:23:0810280728------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-25 16:39:0374648----a-w-C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-10-25 16:39:03271256----a-w-C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-10-25 16:39:032106216----a-w-C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-10-25 16:39:0319352----a-w-C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-10-25 16:39:02301464----a-w-C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-10-25 16:39:02274840----a-w-C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-10-25 16:39:02116632----a-w-C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-10-25 16:39:0163384----a-w-C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-10-25 16:39:01548760----a-w-C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-10-25 16:39:013215256----a-w-C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-10-25 16:39:01118680----a-w-C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-10-25 14:37:38--------d-----w-C:\Users\Eli\AppData\Roaming\DefaultTab
2013-10-25 14:24:26--------d-----w-C:\Program Files (x86)\MyPC Backup
2013-10-25 14:24:20640957----a-w-C:\Windows\unins000.exe
2013-10-25 14:24:20237568----a-w-C:\Windows\Matrix Code Emulator.scr
2013-10-22 00:45:26--------d-----w-C:\321403204fe272438589fd
2013-10-21 01:17:07--------d-----w-C:\Users\Eli\AppData\Roaming\SanDisk
2013-10-20 00:06:06--------d-----w-C:\Program Files (x86)\Common Files\TechSmith Shared
2013-10-19 21:29:26--------d-----w-C:\ProgramData\Oracle
2013-10-19 21:29:0896168----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-18 21:19:03965000------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3EDF1560-E8B5-409D-ADA1-F50A307D7160}\gapaengine.dll
2013-10-16 12:03:48--------d-----w-C:\Windows\SysWow64\Hotspot Shield
2013-10-16 01:28:20--------d-----w-C:\ProgramData\Hotspot Shield
2013-10-16 01:27:3146792----a-w-C:\Windows\System32\drivers\hssdrv6.sys
2013-10-16 01:27:30--------d-----w-C:\Program Files (x86)\Hotspot Shield
2013-10-14 21:04:251202688----a-w-C:\Windows\System32\ac3filter64.acm
2013-10-14 21:04:24965120----a-w-C:\Windows\SysWow64\ac3filter.acm
2013-10-14 21:04:22--------d-----w-C:\Program Files (x86)\AC3Filter
2013-10-13 22:34:11--------d-----w-C:\ProgramData\NaturalReaders
2013-10-13 22:31:04--------d-----w-C:\ProgramData\NaturalSoft
2013-10-09 12:04:5117813896----a-w-C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-09 10:45:5976800----a-w-C:\Windows\System32\drivers\hidclass.sys
2013-10-09 10:45:5932896----a-w-C:\Windows\System32\drivers\hidparse.sys
2013-10-09 10:45:563155968----a-w-C:\Windows\System32\win32k.sys
2013-10-09 10:45:46124112----a-w-C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:45:46102608----a-w-C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:45:4599840----a-w-C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 10:45:45983488----a-w-C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-09 10:45:4552736----a-w-C:\Windows\System32\drivers\usbehci.sys
2013-10-09 10:45:45325120----a-w-C:\Windows\System32\drivers\usbport.sys
2013-10-09 10:45:447808----a-w-C:\Windows\System32\drivers\usbd.sys
2013-10-09 10:45:44343040----a-w-C:\Windows\System32\drivers\usbhub.sys
2013-10-09 10:45:4430720----a-w-C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 10:45:4425600----a-w-C:\Windows\System32\drivers\usbohci.sys
2013-10-06 22:48:27--------d-----w-C:\Program Files (x86)\GRETECH
2013-10-05 23:10:54--------d-----w-C:\Users\Eli\exoriacache
.
==================== Find3M ====================
.
2013-10-09 12:05:0571048----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 12:05:05692616----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:061767936----a-w-C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:492876928----a-w-C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:4861440----a-w-C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48109056----a-w-C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:102241024----a-w-C:\Windows\System32\wininet.dll
2013-09-22 22:54:513959296----a-w-C:\Windows\System32\jscript9.dll
2013-09-22 22:54:5067072----a-w-C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50136704----a-w-C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:392706432----a-w-C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:242706432----a-w-C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:3689600----a-w-C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:4771680----a-w-C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-17 20:33:4042184----a-w-C:\Windows\System32\drivers\taphss6.sys
2013-09-07 01:15:11466456----a-w-C:\Windows\System32\wrap_oal.dll
2013-09-07 01:15:10444952----a-w-C:\Windows\SysWow64\wrap_oal.dll
2013-09-07 01:15:10122904----a-w-C:\Windows\System32\OpenAL32.dll
2013-09-07 01:15:10109080----a-w-C:\Windows\SysWow64\OpenAL32.dll
2013-08-02 02:23:535550528----a-w-C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:441732032----a-w-C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03362496----a-w-C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03243712----a-w-C:\Windows\System32\wow64.dll
2013-08-02 02:15:0313312----a-w-C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57215040----a-w-C:\Windows\System32\winsrv.dll
2013-08-02 02:14:1116384----a-w-C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34424448----a-w-C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:303968960----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:303913664----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:231292192----a-w-C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:425120----a-w-C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17338432----a-w-C:\Windows\System32\conhost.exe
2013-08-02 00:59:09112640----a-w-C:\Windows\System32\smss.exe
2013-08-02 00:45:3725600----a-w-C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:3614336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:357680----a-w-C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:342048----a-w-C:\Windows\SysWow64\user.exe
2013-08-02 00:43:056144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:054608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:053584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:053072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:23:28.77 ===============
 
Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2009 13:13:24
System Uptime: 10/26/2013 23:15:05 (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 584 GiB total, 354.057 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.182 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#
Service: WUDFRd
.
Class GUID:
Description:
Device ID: ROOT\MEDIA\0001
Manufacturer:
Name:
PNP Device ID: ROOT\MEDIA\0001
Service:
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20060413092100000&3#
Manufacturer: Generic-
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20060413092100000&3#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP836: 10/19/2013 17:27:35 - Installed Java 7 Update 45
RP837: 10/19/2013 20:05:16 - Installed Camtasia Studio 8
RP838: 10/20/2013 19:00:19 - Windows Backup
RP839: 10/22/2013 16:40:42 - Windows Update
RP840: 10/23/2013 03:00:10 - Windows Update
RP841: 10/23/2013 07:07:12 - Installed DirectX
RP842: 10/26/2013 17:22:28 - Windows Update
.
==== Installed Programs ======================
.
µTorrent
3DVIA player 5.0
AC3Filter 2.5b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader XI (11.0.05)
Advanced ID Creator
AIM 7
Akamai NetSession Interface
Amnesia: The Dark Descent
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armagetron Advanced 0.2.8.3.2
AssaultCube v1.1.0.4
Audio Converter
Bonjour
Bucksbee Loyalty Plugin 100815.b for Chrome
Camtasia Studio 8
CINEMA 4D R14
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DealCabby
Delta Chrome Toolbar
DirectX for Managed Code Update (Summer 2004)
Dota 2
Download Updater (AOL LLC)
Dual-Core Optimizer
Facebook Video Calling 1.2.0.287
Free RAR Extract Frog
gamelauncher-ps2-live
Garry's Mod
GetSavin
GIMP 2.6.7
GOM Player
Google Chrome
Google Update Helper
Half-Life 2
Hardware Diagnostic Tools
Homepage Protection
Hotspot Shield 3.17
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Remote Solution
HP Setup
HP Support Information
HP Update
iTunes
Java 7 Update 45
Java Auto Updater
LabelPrint
League of Legends
LightScribe System Software
LSI PCI-SV92EX Soft Modem
Malwarebytes Anti-Malware version 1.75.0.1300
Matrix Code Emulator 1.50
MFC RunTime files
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Live Search Toolbar
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Works
MioNet
Mojo
MOVband SYNC
Movie Maker
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetAssistant
NVIDIA 3D Vision Controller Driver 320.49
NVIDIA 3D Vision Driver 320.49
NVIDIA Control Panel 320.49
NVIDIA Drivers
NVIDIA GeForce Experience 1.5.1
NVIDIA Graphics Driver 320.49
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 6.4.23
NVIDIA Update Components
Open Broadcaster Software
OpenAL
Pando Media Booster
PerformanceTest v8.0
Philips SPC 300NC PC Camera
Philips VLounge
Photo Common
Photo Gallery
Portal 2
Power2Go
PowerDirector
PowerRecover
QuickTime
Razer Game Booster
Razer Nostromo
Realtek High Definition Audio Driver
RuneScape Launcher 1.2
RuneScape Launcher 1.2.3
SanDiskSecureAccess_Manager.exe
Scratch
Search Protection
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Expression Design 4 (KB2667730)
Shutterfly Express Uploader
SIPPS
Skype Click to Call
Skype™ 6.9
Steam
System Requirements Lab CYRI
TeamViewer 8
Unity Web Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 17.0
WPF Toolkit February 2010 (Version 3.5.50211.1)
XviD Video Codec (remove only)
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
10/26/2013 20:56:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 20:56:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 20:56:51, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 20:56:51, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: User User: BundleofJoy\Eli Process Name: Unknown Action: Remove Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:26:18, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:26:17, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.816.0, AS: 1.161.816.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:15:20, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
10/26/2013 17:15:20, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2013 17:14:25, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\CRX_INSTALL\spext.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:14:16, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\CRX_INSTALL\background.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:12:50, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:12:48, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/26/2013 17:11:32, Error: Service Control Manager [7030] - The DefaultTabSearch service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/25/2013 20:34:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/25/2013 20:34:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/25/2013 20:34:42, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.F&threatid=2147683864 Name: TrojanDropper:Win32/Rotbrow.F ID: 2147683864 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->spext.dll;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->spext.dll;file:_C:\Users\Gretchen\AppData\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/25/2013 20:34:42, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Rotbrow.E&threatid=2147683863 Name: TrojanDropper:Win32/Rotbrow.E ID: 2147683863 Severity: Severe Category: Trojan Dropper Path: containerfile:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx;containerfile:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx;file:_C:\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LHO4IBV1\pack[1].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OXFIS9L\pack[2].7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\pack.7z->spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\nspF0C4.tmp\spext.crx->background.js;file:_C:\Users\Gretchen\AppData\Local\Temp\scoped_dir_5316_16464\browsemngr.crx->background.js;file:_C:\Use Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Quarantine Action Status: No additional actions required Error Code: 0x8007065e Error description: Data of this type is not supported. Signature Version: AV: 1.161.725.0, AS: 1.161.725.0, NIS: 109.0.0.0 Engine Version: AM: 1.1.10003.0, NIS: 2.1.10003.0
10/25/2013 20:31:18, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
10/24/2013 14:31:38, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.
10/24/2013 14:31:38, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/20/2013 21:17:32, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
10/20/2013 21:14:35, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
.
==== End Of File ===========================
 
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
 
I think I may be confused, I removed all the selected results as stated in Julio's tutorial and when I re scanned the only thing in the log was this:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Eli :: BUNDLEOFJOY [administrator]

Protection: Enabled

10/26/2013 23:38:50
MBAM-log-2013-10-27 (00-06-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402770
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
 
redtarget.gif
The above log still has one item marked as "No action taken".
You need to fix it as well.

redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
The new Malwarebytes Anti-Malware scan results:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Eli :: BUNDLEOFJOY [administrator]

Protection: Enabled

10/27/2013 10:51:46
mbam-log-2013-10-27 (10-51-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402265
Time elapsed: 26 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eli [Admin rights]
Mode : Remove -- Date : 10/27/2013 11:21:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SearchProtection.exe -- C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1080744780-1357818022-3563604407-1008\[...]\Run : SearchProtection ("C:\Users\Eli\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TidyNetwork Update : C:\Users\Eli\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED

¤¤¤ Startup Entries : 1 ¤¤¤
[Grandma Di-Di][SUSP PATH] MOVband SYNC.lnk : C:\Users\Grandma Di-Di\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MOVband SYNC.lnk @C:\Users\Grandma Di-Di\AppData\Roaming\Microsoft\Installer\{DD521EA9-7D08-403D-A830-38ECD1F76C38}\_0725771C0865EA0C540C42.exe [-][-] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD64 00AAKS-65A7B SCSI Disk Device +++++
--- User ---
[MBR] 3bd7e4448353601829182bd969c7cde2
[BSP] 84075f653f7649b0eb28ea262717bad6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 598085 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1225084928 | Size: 12293 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10272013_112157.txt >>
RKreport[0]_S_10272013_112148.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16721

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.600000 GHz
Memory total: 6173212672, free: 3425869824

Downloaded database version: v2013.10.27.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
10/27/2013 11:30:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\nvstor64.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\hssdrv6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\nvsmu.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvmf6264.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\rzjoystk.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\drivers\ScreamingBAudio64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\taphss6.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor64.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\System32\Drivers\usbaapl64.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\usp10.dll
\Windows\System32\setupapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\nsi.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\imm32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\sechost.dll
\Windows\System32\shlwapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\comdlg32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8004eee790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa800738ca20
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800784f790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa800738e880
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80076a7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa8007372b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800781e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80073769a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005b7a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xfffffa80058ee330
Lower Device Driver Name: \Driver\nvstor64\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005b7a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005b7aab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b7a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ea5e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80058ee330, DeviceName: \Device\0000005d\, DriverName: \Driver\nvstor64\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1224878080

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1225084928 Numsec = 25176064

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800781e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007394b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800781e790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80073769a0, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80076a7790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007392b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80076a7790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007372b60, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800784f790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007396b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800784f790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800738e880, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8004eee790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007397b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004eee790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800738ca20, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Eli :: BUNDLEOFJOY [administrator]

10/27/2013 11:30:48
mbar-log-2013-10-27 (11-30-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 423117
Time elapsed: 28 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



On the anti-rootkit no malicious malware was found(first time) so I did not have to do a cleanup! But I am still receiving the same popup on all sites(about every 4 or 5th website I visit and also a popup on the bottom right of the screen, and certain words in all text(facebook, techspot, google, smartestcomputing, yahoo, centurylink) are highlighted and when I hover over them It is an advertisement. I know you don't usually review an attachment but I am showing you what I mean by the words being highlighted when I attached no link to them.
 

Attachments

  • advert.png
    advert.png
    150.5 KB · Views: 1
We'll get there.
Be patient.

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-10-26.01 - Eli 10/27/2013 18:07:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3955 [GMT -4:00]
Running from: c:\users\Eli\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\asyncDB.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\background.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\browserAction.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\contextMenu.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dbManager.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dom_bg.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\fileManager.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefox.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxNotifications.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxOmnibox.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\message.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\request.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\tabs.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\webRequest.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\baseObject.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\console.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\consts.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\delegate.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\httpObserver.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\IDBWrapper.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\pluginsManager.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\prefs.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\progressListenerObserver.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\registry.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reloadObserver.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reports.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\requestObject.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\searchSettings.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\uninstallObserver.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\updateManager.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\utils.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\xhr.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\backgroundCode.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\pageCode.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\main.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\users\Eli\AppData\Local\assembly\tmp
c:\users\Eli\AppData\Local\dealcabby
c:\users\Eli\AppData\Local\dealcabby\license.txt
c:\users\Eli\AppData\Local\dealcabby\sqlite3.exe
c:\users\Eli\AppData\Local\dealcabby\uninst.exe
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\background.html
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\crossriderManifest.json
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\manifest.xml
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins.json
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\1_base.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\1000014_GPL Plugin (Loader).js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\1000015_GPL Background (BG).js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\17_jQuery.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\21_debug.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\22_resources.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\28_initializer.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\47_resources_background.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\64_appApiMessage.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\72_appApiValidation.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\userCode\background.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\extensionData\userCode\extension.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\actions\1.png
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\icon128.png
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\icon16.png
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\icons\icon48.png
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\chrome.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\cookie.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\message.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\pageAction.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\api\pageActionBG.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\background.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\app_api.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\bg_app_api.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\consts.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\cookie_store.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\crossriderAPI.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\delegate.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\events.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\extensionDataStore.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\installer.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\logFile.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\logging.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\onBGDocumentLoad.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\popupResource\newPopup.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\popupResource\popup.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\reports.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\storageWrapper.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\updateManager.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\util.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\lib\xhr.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\js\main.js
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\manifest.json
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.25.99_0\popup.html
c:\users\Eli\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Eli\AppData\Roaming\Microsoft\Windows\Recent\Portal 2.url
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\asyncDB.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\background.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\browserAction.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\contextMenu.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dbManager.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dom_bg.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\fileManager.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefox.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxNotifications.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxOmnibox.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\message.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\request.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\tabs.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\webRequest.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\baseObject.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\console.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\consts.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\delegate.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\httpObserver.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\IDBWrapper.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\pluginsManager.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\prefs.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\progressListenerObserver.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\registry.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reloadObserver.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reports.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\requestObject.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\searchSettings.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\uninstallObserver.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\updateManager.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\utils.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\xhr.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\backgroundCode.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\pageCode.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\main.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\bootstrap.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\harness-options.json
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\icon.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\icon64.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\install.rdf
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locale\en-GB.json
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locale\eo.json
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locale\fr-FR.json
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\locales.json
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
 
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\asyncDB.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\background.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\browserAction.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\contextMenu.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dbManager.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\dom_bg.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\fileManager.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefox.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxNotifications.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\firefoxOmnibox.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\message.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\request.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\tabs.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\api\webRequest.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\baseObject.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\console.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\consts.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\delegate.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\httpObserver.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\IDBWrapper.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\pluginsManager.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\prefs.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\progressListenerObserver.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\registry.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reloadObserver.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\reports.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\requestObject.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\searchSettings.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\uninstallObserver.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\updateManager.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\utils.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\core\xhr.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\backgroundCode.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode\pageCode.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\main.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\windows\SysWow64\ndisapi.dll
c:\windows\SysWow64\tmp587E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-09-27 to 2013-10-27 )))))))))))))))))))))))))))))))
.
.
2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Jed\AppData\Local\temp
2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Default\AppData\Local\temp
2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Gretchen\AppData\Local\temp
2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Veronica\AppData\Local\temp
2013-10-27 22:17 . 2013-10-27 22:17--------d-----w-c:\users\Abraham\AppData\Local\temp
2013-10-27 21:46 . 2013-10-27 21:4675888----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980ACE08-FDD0-431D-A8DD-8913C7198078}\offreg.dll
2013-10-27 15:30 . 2013-10-27 16:04--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-27 15:29 . 2013-10-27 15:2991352----a-w-c:\windows\system32\drivers\mbamchameleon.sys
2013-10-27 15:21 . 2013-10-27 15:21--------d-----w-c:\windows\snack
2013-10-27 03:36 . 2013-10-14 07:1210280728----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{980ACE08-FDD0-431D-A8DD-8913C7198078}\mpengine.dll
2013-10-27 02:30 . 2013-10-27 02:30--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-27 02:30 . 2013-04-04 18:5025928----a-w-c:\windows\system32\drivers\mbam.sys
2013-10-26 21:23 . 2013-10-14 07:1210280728----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-25 14:37 . 2013-10-27 03:15--------d-----w-c:\users\Eli\AppData\Roaming\DefaultTab
2013-10-25 14:24 . 2013-10-25 15:38--------d-----w-c:\program files (x86)\MyPC Backup
2013-10-25 14:24 . 2013-10-25 14:24640957----a-w-c:\windows\unins000.exe
2013-10-25 14:24 . 2002-04-06 01:57237568----a-w-c:\windows\Matrix Code Emulator.scr
2013-10-22 00:45 . 2013-10-22 00:58--------d-----w-C:\321403204fe272438589fd
2013-10-21 01:17 . 2013-10-21 01:17--------d-----w-c:\users\Eli\AppData\Roaming\SanDisk
2013-10-20 00:06 . 2013-10-20 00:06--------d-----w-c:\program files (x86)\Common Files\TechSmith Shared
2013-10-20 00:05 . 2013-10-20 00:05--------d-----w-c:\program files (x86)\TechSmith
2013-10-19 21:29 . 2013-10-19 21:29--------d-----w-c:\programdata\Oracle
2013-10-19 21:29 . 2013-10-19 21:29--------d-----w-c:\program files (x86)\Common Files\Java
2013-10-19 21:29 . 2013-10-08 11:5096168----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-18 21:19 . 2013-10-18 21:18965000------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EDF1560-E8B5-409D-ADA1-F50A307D7160}\gapaengine.dll
2013-10-16 12:03 . 2013-10-16 12:03--------d-----w-c:\windows\SysWow64\Hotspot Shield
2013-10-16 01:28 . 2013-10-16 01:29--------d-----w-c:\programdata\Hotspot Shield
2013-10-16 01:27 . 2013-09-17 20:3146792----a-w-c:\windows\system32\drivers\hssdrv6.sys
2013-10-16 01:27 . 2013-10-16 01:29--------d-----w-c:\program files (x86)\Hotspot Shield
2013-10-14 21:04 . 2012-06-18 02:181202688----a-w-c:\windows\system32\ac3filter64.acm
2013-10-14 21:04 . 2012-06-18 02:10965120----a-w-c:\windows\SysWow64\ac3filter.acm
2013-10-14 21:04 . 2013-10-14 21:04--------d-----w-c:\program files (x86)\AC3Filter
2013-10-13 22:34 . 2013-10-13 22:34--------d-----w-c:\programdata\NaturalReaders
2013-10-13 22:31 . 2013-10-13 22:31--------d-----w-c:\programdata\NaturalSoft
2013-10-09 12:04 . 2013-10-09 12:0417813896----a-w-c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-09 10:45 . 2013-07-03 04:0576800----a-w-c:\windows\system32\drivers\hidclass.sys
2013-10-09 10:45 . 2013-07-03 04:0532896----a-w-c:\windows\system32\drivers\hidparse.sys
2013-10-09 10:45 . 2013-08-28 01:213155968----a-w-c:\windows\system32\win32k.sys
2013-10-09 10:45 . 2013-07-20 10:33102608----a-w-c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:45 . 2013-07-20 10:33124112----a-w-c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:45 . 2013-09-04 12:11325120----a-w-c:\windows\system32\drivers\usbport.sys
2013-10-09 10:45 . 2013-09-04 12:1199840----a-w-c:\windows\system32\drivers\usbccgp.sys
2013-10-09 10:45 . 2013-09-04 12:1152736----a-w-c:\windows\system32\drivers\usbehci.sys
2013-10-09 10:45 . 2013-08-01 12:09983488----a-w-c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 10:45 . 2013-09-04 12:12343040----a-w-c:\windows\system32\drivers\usbhub.sys
2013-10-09 10:45 . 2013-09-04 12:1130720----a-w-c:\windows\system32\drivers\usbuhci.sys
2013-10-09 10:45 . 2013-09-04 12:1125600----a-w-c:\windows\system32\drivers\usbohci.sys
2013-10-09 10:45 . 2013-09-04 12:117808----a-w-c:\windows\system32\drivers\usbd.sys
2013-10-06 22:48 . 2013-10-06 22:48--------d-----w-c:\users\Eli\AppData\Roaming\GRETECH
2013-10-06 22:48 . 2013-10-06 22:48--------d-----w-c:\program files (x86)\GRETECH
2013-10-05 23:10 . 2013-10-05 23:10--------d-----w-c:\users\Eli\exoriacache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:09 . 2012-06-11 03:0580541720----a-w-c:\windows\system32\MRT.exe
2013-10-09 12:05 . 2012-04-18 20:44692616----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 12:05 . 2011-06-09 21:3371048----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-17 20:33 . 2013-09-17 20:3342184----a-w-c:\windows\system32\drivers\taphss6.sys
2013-09-07 01:15 . 2012-05-23 21:13466456----a-w-c:\windows\system32\wrap_oal.dll
2013-09-07 01:15 . 2012-05-23 21:13444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2013-09-07 01:15 . 2012-05-23 21:13122904----a-w-c:\windows\system32\OpenAL32.dll
2013-09-07 01:15 . 2012-05-23 21:13109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2013-09-06 20:19 . 2013-03-21 00:18965008------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 02:23 . 2013-09-11 09:535550528----a-w-c:\windows\system32\ntoskrnl.exe
2013-08-02 02:15 . 2013-09-11 09:531732032----a-w-c:\windows\system32\ntdll.dll
2013-08-02 02:15 . 2013-09-11 09:53243712----a-w-c:\windows\system32\wow64.dll
2013-08-02 02:15 . 2013-09-11 09:53362496----a-w-c:\windows\system32\wow64win.dll
2013-08-02 02:15 . 2013-09-11 09:5313312----a-w-c:\windows\system32\wow64cpu.dll
2013-08-02 02:14 . 2013-09-11 09:53215040----a-w-c:\windows\system32\winsrv.dll
2013-08-02 02:14 . 2013-09-11 09:5316384----a-w-c:\windows\system32\ntvdm64.dll
2013-08-02 02:13 . 2013-09-11 09:53424448----a-w-c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 09:531161216----a-w-c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 09:5343520----a-w-c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 09:536144---ha-w-c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:534608---ha-w-c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:536656----a-w-c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:534608---ha-w-c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533584---ha-w-c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:534096---ha-w-c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:535120---ha-w-c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 09:533072---ha-w-c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:59 . 2013-09-11 09:533968960----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59 . 2013-09-11 09:533913664----a-w-c:\windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51 . 2013-09-11 09:531292192----a-w-c:\windows\SysWow64\ntdll.dll
2013-08-02 01:50 . 2013-09-11 09:53274944----a-w-c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:50 . 2013-09-11 09:535120----a-w-c:\windows\SysWow64\wow32.dll
2013-08-02 01:48 . 2013-09-11 09:535120---ha-w-c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:534608---ha-w-c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:536656----a-w-c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 09:534096---ha-w-c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
 
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 09:5344032----a-w-c:\windows\apppatch\acwow64.dll
2013-08-02 01:09 . 2013-09-11 09:53338432----a-w-c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 09:53112640----a-w-c:\windows\system32\smss.exe
2013-08-02 00:45 . 2013-09-11 09:5325600----a-w-c:\windows\SysWow64\setup16.exe
2013-08-02 00:45 . 2013-09-11 09:5314336----a-w-c:\windows\SysWow64\ntvdm64.dll
2013-08-02 00:45 . 2013-09-11 09:537680----a-w-c:\windows\SysWow64\instnm.exe
2013-08-02 00:45 . 2013-09-11 09:532048----a-w-c:\windows\SysWow64\user.exe
2013-08-02 00:43 . 2013-09-11 09:536144---ha-w-c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 09:534608---ha-w-c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 09:533584---ha-w-c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 09:533072---ha-w-c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41120104----a-w-c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54194928----a-w-c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"Facebook Update"="c:\users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-14 138096]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-12 3093624]
"Akamai NetSession Interface"="c:\users\Eli\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"uTorrent"="c:\users\Eli\AppData\Roaming\uTorrent\uTorrent.exe" [2013-10-26 902736]
"SanDiskSecureAccess_Manager.exe"="c:\users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2013-09-25 30705792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"BigDogPath"="c:\windows\VM_STI.exe" [2006-12-22 40960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Razer Nostromo Driver"="c:\program files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe" [2011-07-19 978840]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin300.exe.lnk - c:\program files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe [2010-1-19 278528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MioNet;MioNet Service;c:\program files (x86)\MioNet\MioNetManager.exe;c:\program files (x86)\MioNet\MioNetManager.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 rzjoystk;Razer VJoystick;c:\windows\system32\DRIVERS\rzjoystk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjoystk.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 19:481185744----a-w-c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 12:05]
.
2013-10-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008Core.job
- c:\users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12 23:45]
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008UA.job
- c:\users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-12 23:45]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 23:05]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09 23:05]
.
2013-09-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-03 1028896]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.entru.com/?s=21983
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.entru.com/?s=21983
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:8555
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-10-25 10:37; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.0.0.12
FF - ExtSQL: 2013-10-25 10:37; addon@defaulttab.com; c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-10-25 12:27; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
FF - ExtSQL: 2013-10-25 12:38; afext@anchorfree.com; c:\program files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF - ExtSQL: 2013-10-25 12:41; jid1-F9UJ2thwoAm5gQ@jetpack; c:\users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043&q=
FF - user.js: extensions.funmoods.id - 90E6BAEC97503891
FF - user.js: extensions.funmoods.instlDay - 15556
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:34
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d89d389100000000000090e6baec9750&q=
FF - user.js: extensions.BabylonToolbar.id - d89d389100000000000090e6baec9750
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15597
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:45
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110796&tt=120912_pcp_3712_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extentions.y2layers.installId - 0ce607e2-b2ae-4cdb-b8dc-643589254ef9
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,YontooNewOffers
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - d89d389100000000000090e6baec9750
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15748
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.016:13
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5F815AD7-A955-4943-91C4-7A96C2932399} - (no file)
Toolbar-{b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
c:\users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Eli\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-DealCabby - c:\users\Eli\AppData\Local\dealcabby\uninst.exe
AddRemove-MioNet - c:\program files (x86)\MioNet\uninstall.exe
AddRemove-PlanetSide 2 - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\Uninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Eli\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-27 18:22:43
ComboFix-quarantined-files.txt 2013-10-27 22:22
.
Pre-Run: 385,161,719,808 bytes free
Post-Run: 390,465,179,648 bytes free
.
- - End Of File - - 13EFEBF28E2C9C0E92210D723A05E330
5778997D3E073C6583C14E80B2E5DB74


I've noticed a change, the attachment(highlighted words) posted in my above post are nonexistent now!:D
 
Looks good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
On the AdwCleaner it says please uncheck all elements that you do not want removed. After that is an uninstall option(with a trash can) and a clean option, which should I do first?
 
  • Click on Scan button.
  • When the scan has finished click on Clean button.
Don't uncheck anything.
 
# AdwCleaner v3.010 - Report created 27/10/2013 at 20:55:20
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eli - BUNDLEOFJOY
# Running from : C:\Users\Eli\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Abraham\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Abraham\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Grandma Di-Di\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Grandma Di-Di\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Grandma Di-Di\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Gretchen\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Gretchen\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Eli\AppData\Local\Conduit
Folder Deleted : C:\Users\Eli\AppData\Local\getsavin
Folder Deleted : C:\Users\Eli\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Eli\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Eli\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Eli\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Eli\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Eli\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\Eli\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Eli\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\FCTB
Folder Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\playbryte@playbryte.com
Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\tidynetwork@tidynetwork
Folder Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Grandma Di-Di\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Jed\AppData\Roaming\Mozilla\Firefox\Profiles\4x740nt0.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\eaqdvs15.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Grandma Di-Di\AppData\Roaming\Mozilla\Firefox\Profiles\lwpg7cto.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\bprotector_prefs.js
File Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Grandma Di-Di\AppData\Roaming\Mozilla\Firefox\Profiles\lwpg7cto.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\defaulttab.config
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\bingp.xml
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\delta.xml
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\search.xml
File Deleted : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\user.js
File Deleted : C:\Users\Jed\AppData\Roaming\Mozilla\Firefox\Profiles\4x740nt0.default\user.js
File Deleted : C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\eaqdvs15.default\user.js
File Deleted : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\fed78db734e540
Key Deleted : HKLM\SOFTWARE\fed78db734e540
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_voice-changer-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_voice-changer-software_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Abraham\AppData\Roaming\Mozilla\Firefox\Profiles\ewsy3uyn.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "139f5c74e1991ae08cc7ea082947815d");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348448243);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 6);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348448243");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348448243");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Thu Oct 11 2012 19:36:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1349558091");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1348448303098");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2285442%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348448261470");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "40");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Sat Oct 06 2012 23:14:53 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAPI.appID}}};$jquery.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};if(typeof JSON!==\"undefined\"){appAPI.JSON=JSON}else{(function(){fun[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platform;b.[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=function(c,b){a.when.apply(null[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaul[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,47,1000015");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/083/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 15);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 40);
Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Line Deleted : user_pref("extensions.crossriderapp4479.bic", "139f5c74e1991ae08cc7ea082947815d");
Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1348448243);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22492635);
 
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22492644);
Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.DNSCatch", false);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.FirstLaunchShown", true);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.LastDate", 6);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.customNewTab", false);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.processAddrBar", false);
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.session", "2A9A3124DBC5C0182B688F403314455D3013EEE13B51F3E0F7236AA143833A65DB055212764438584F170E30346FB21AD29A345D41F8DD8D5D2F8AB2346348B0020D1AC4[...]
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.tb_lang", "en");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.user_id", "18529237");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.vars.lastcheck", "Sun%20Nov%2013%202011%2019%3A56%3A04%20GMT-0500%20%28Eastern%20Standard%20Time%29");
Line Deleted : user_pref("freecause5835466c49af4cbeb102a8c8b6313749.yahooSearch", false);

[ File : C:\Users\Jed\AppData\Roaming\Mozilla\Firefox\Profiles\4x740nt0.default\prefs.js ]

Line Deleted : user_pref("aim_toolbar.default.search.url", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120311174839909&tb_oid=28-10-2012&tb_mru[...]
Line Deleted : user_pref("aol_toolbar.surf.date", "4");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "23");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "11");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Line Deleted : user_pref("aol_toolbar.surf.month", "4");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "215");
Line Deleted : user_pref("aol_toolbar.surf.total", "223");
Line Deleted : user_pref("aol_toolbar.surf.week", "4");
Line Deleted : user_pref("aol_toolbar.surf.year", "218");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20120311174839909&tb_oid=28-10-2012&tb_mrud=28-[...]
Line Deleted : user_pref("extensions.crossrider.bic", "13aa98e91227eeec61337250f74fdb4b");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1351464424);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1351464424");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/083/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp4479.bic", "13aa98e91227eeec61337250f74fdb4b");
Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1351464424);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22604686);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22604687);
Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Line Deleted : user_pref("extensions.enabledAddons", "{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1,moveplayer@movenetworks.com:1.0.0.%(version)s,{D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1,{c2f863cd-0429-48c7-bb54[...]
Line Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aimright-ab-en-us&tb_uuid=20120311174839909&tb_oid=28-10-2012&tb_mrud=28-10-2012&query[...]

[ File : C:\Users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\eaqdvs15.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "13afcbfc0baeabfeb56e0631cdf57ee7");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1352860156);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 42);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1352860156");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1352860156");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Sat May 25 2013 21:59:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22var%20start_time%3D1368590400%3C%3DMath.floor%28new%20Date/1E3%29%3F378693E4%3A1368504E3%3B_GPL_PLUGIN.st%3D%7B%5C%2[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Sat May 25 2013 21:59:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Sat Jun 01 2013 21:45:03 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1369532758");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221368543869%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure_tmp.expiration", "Sat May 25 2013 22:04:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure_tmp.value", "1369533298");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1354895763027");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%22106125%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1354895713093");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "97");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Sun May 26 2013 03:45:35 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 15);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 38);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 7);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(nul[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[\"[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/086/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 68);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 97);
Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Line Deleted : user_pref("extensions.crossriderapp4479.bic", "13afcbfc0baeabfeb56e0631cdf57ee7");
Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1352860156);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22825545);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22825555);
Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp4479@crossrider.com:0.86.44,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2");

[ File : C:\Users\Grandma Di-Di\AppData\Roaming\Mozilla\Firefox\Profiles\lwpg7cto.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "13a0001a93872d13f7581086792ea141");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1348619840);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit():\"undefined\"!=typeof _G[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 6);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1348619840");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1348619840");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Fri Oct 12 2012 18:21:28 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1349741393");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2258453%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2258453%26subid%3D%26pid%3D1242%22%7D[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2258453%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1349475695051");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2286235%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1348619850971");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "42");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Tue Oct 09 2012 02:10:15 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id}else{return appAPI.appID}}};$jquery.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(){null!=appAPI.db.get(\"_[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection()}else{if(document.getS[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}appAPI.JSON={};if(typeof JSON!==\"undefined\"){appAPI.JSON=JSON}else{(function(){fun[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*99999999999999)+\"Z\"+(new Date()).get[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==\"undefined\"){b={}}var d=f.appID+\".\";b.appID=f.appID;b.version=f.version;b.platform=f.platform;b.[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b)}};appAPI.ready=function(c,b){a.when.apply(null[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaul[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(function(){var A={appId:(fu[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 1);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16,47,1000015");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/4479/plugins/083/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 15);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 42);
Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Line Deleted : user_pref("extensions.crossriderapp4479.bic", "13a0001a93872d13f7581086792ea141");
Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1348619840);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22495690);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22495690);
Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");

[ File : C:\Users\Gretchen\AppData\Roaming\Mozilla\Firefox\Profiles\zvzecxa9.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.crossrider.bic", "139cc7c37d2074aa76c49cfc2fe0d706");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1347755456);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 43);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1347755456");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1347755456");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Mon Aug 05 2013 19:21:15 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1375234888");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221372100319%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.value", "24");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.value", "1368281456");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1347807086411");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2282418%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1347807063632");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "99");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Wed Jul 31 2013 03:41:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
 
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 16);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 39);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 8);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(nul[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[\"[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/091/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 70);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 99);
Line Deleted : user_pref("extensions.crossriderapp4479.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Line Deleted : user_pref("extensions.crossriderapp4479.bic", "139cc7c37d2074aa76c49cfc2fe0d706");
Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1347755456);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22920582);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22920582);
Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp4479.statsDailyCounter", 4);
Line Deleted : user_pref("extensions.enabledAddons", "crossriderapp4479%40crossrider.com:0.91.97,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2");

[ File : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\prefs.js ]

Line Deleted : user_pref("CT3220468.UserID", "UN22771687512931828");
Line Deleted : user_pref("CT3220468.autoDisableScopes", 14);
Line Deleted : user_pref("CT3220468.installDate", "12/2/2013 0:08:59");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("ct3220468.UserID", "UN22771687512931828");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110796&tt=120912_pcp_3712_3");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "25");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A6BCD70A7D14F304C6FB949619ABF208");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "d89d389100000000000090e6baec9750");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15597");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1216:45:56");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"7\",\"lastVrsn\":\"7\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":0}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d89d389100000000000090e6baec9750&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1216:45:56");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110796&tt=120912_pcp_3712_3");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1216:45:56");
Line Deleted : user_pref("extensions.crossrider.bic", "139c836afd32e93a00d99db523afed6f");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1347655536);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.addressbarenhanced", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 43);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1347655536");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1347655536");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.expiration", "Fri Oct 25 2013 12:47:14 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7B_GPL_PLUGIN.st%3D%7B%5C%2274052%26pid%3D1269%5C%22%3A%7Bs%3A%5B%5C%2274052%26pid%3D1695%5C%22%2C[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.expiration", "Fri Oct 25 2013 12:47:14 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_blocklist.value", "%22facebook.com%2Cnonexistantdomain.com%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_cf_bu1.value", "1361070131");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.expiration", "Fri Nov 01 2013 12:07:49 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_country_code.value", "%22US%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_crr.value", "1382719324");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_currenttime.value", "%221381868224%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_delay.value", "24");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_disclosure.value", "1370698930");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_list.expiration", "Fri Oct 25 2013 18:09:41 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_ib_list.value", "%7B%22f7610cf2b37067876b694a05c56f32e2%22%3A%7B%22p%22%3A%22/%22%7D%2C%22d763717b4b2e0a17a877cc642fb80ee4%22%3A%7B%22p%22%3A%2[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2214019%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_pc_20120828.value", "1349999301199");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221171%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2282063%22");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.dbtest.value", "1349999291662");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.lastrequest.value", "%7B%22path%22%3A%22/index.php%22%2C%22host%22%3A%22www.facebook.com%22%2C%22scheme%22%3A%22hxxps%22%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons display instantly while you're shopping online!");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%221FA86426222C46FD97DD40EBCFA399B1IE%22%2C%22installer_verifier%22%3A%2288bef89cbb239022[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "100");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Fri Oct 25 2013 18:07:55 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1171,baseCDN:\"giantsavings-a.akamaihd.n[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.exte[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 8);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Object[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000014.ver", 16);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor:1[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1000015.ver", 39);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.get[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 12);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, John [...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.ex[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(nul[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId:([...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};var b=function(e){return(![...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_64.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARAM_NAME% value is not supp[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof window.navigator!==\"undefined\"&&typeof window.navigator.userAgent!==\"undefi[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_78.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.code", "(function(){var b={DUMMY_PAGE_URL:\"hxxp://page.our-app.net/blank/resource.html\"};var c=\"cr_\"+appAPI.appID+\"internalMessage\"[...]
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_98.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4479/plugins/091/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 71);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 100);
Line Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");
Line Deleted : user_pref("extensions.crossriderapp4479.bic", "139c836afd32e93a00d99db523afed6f");
Line Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);
Line Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1377738704);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 23045288);
Line Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 23045322);
Line Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp4479.reportInstall", true);
Line Deleted : user_pref("extensions.crossriderapp4479.statsDailyCounter", 5);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "25");
Line Deleted : user_pref("extensions.delta.cntry", "US");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.dfltSrch", false);
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.hdrMd5", "CE0F02EC4E1BC53293436DF11D6DBD5B");
Line Deleted : user_pref("extensions.delta.hmpg", false);
Line Deleted : user_pref("extensions.delta.id", "d89d389100000000000090e6baec9750");
Line Deleted : user_pref("extensions.delta.instlDay", "15748");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "azb");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.016:13:58");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Line Deleted : user_pref("extensions.enabledAddons", "addon%40freecorder.com:7.0.0.13,crossriderapp4479%40crossrider.com:0.91.97,ffxtlbr%40babylon.com:1.5.0,ffxtlbr%40delta.com:1.5.0,ffxtlbr%40funmoods.com:1.5.1,plu[...]
Line Deleted : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc7/ui/buttons/menu_header-ltyt.png\",\"width\":225,\"height\":65},{\[...]
Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.cntry", "US");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "3C65DC9966DB4D5649967FE400E8420D");
Line Deleted : user_pref("extensions.funmoods.hmpg", false);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=754155043[...]
Line Deleted : user_pref("extensions.funmoods.id", "90E6BAEC97503891");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15556");
Line Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:34:13");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", false);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=7541550[...]
Line Deleted : user_pref("extensions.funmoods.pnu_base", "{\"lastVrsn\":\"245\",\"newVrsn\":\"245\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"lstMsgTs\":0,\"msgTs\":0,\"vrsnLoad\":\"\"}");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0A0E0CzyyByDtDtAzzzytCtN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=75415[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:34:13");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", false);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:34:13");
Line Deleted : user_pref("extensions.kango.storage.m2_k1", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k2", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k3", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k4", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k5", "1382719333325");
Line Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Apps Hat\",\"description\":\"Apps Hat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%af[...]
Line Deleted : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "0ce607e2-b2ae-4cdb-b8dc-643589254ef9");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Abraham\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

[ File : C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Grandma Di-Di\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Gretchen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [118302 octets] - [27/10/2013 20:44:26]
AdwCleaner[S0].txt - [119097 octets] - [27/10/2013 20:55:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [119159 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Eli on Sun 10/27/2013 at 21:01:53.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hshld
Successfully deleted: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F0634EF2-6B25-4D60-9F4C-122C129B4BCA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Eli\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Eli\appdata\local\appshat mobile apps"
Successfully deleted: [Folder] "C:\Users\Eli\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Eli\appdata\local\webplayer"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\jm0lgp1m.default\extensions\addon@freecorder.com
Successfully deleted the following from C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\jm0lgp1m.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1382717374);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
user_pref("settings.premium.greatarcadehits.cl_addonData", "hxxp://tt.greatarcadehits.com/cljs?options=YTMyMDU4NDIyODX885koe7L2XzS%2FoccbNPysp%2BfIdqTUi7CKWBBE8wx1F69LoY42Z8SZ
Emptied folder: C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\jm0lgp1m.default\minidumps [14 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\Eli\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/27/2013 at 21:10:03.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 10/27/2013 21:20:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eli\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 63.97% Memory free
11.50 Gb Paging File | 8.95 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 367.32 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS

Computer Name: BUNDLEOFJOY | User Name: Eli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/27 21:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eli\Downloads\OTL.exe
PRC - [2013/10/26 17:14:12 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/08 22:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 08:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 08:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/25 19:58:06 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/07/03 17:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/03 17:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/12 16:47:38 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/07/19 14:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2006/12/22 12:45:00 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE
PRC - [2005/07/15 16:38:33 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\MioNet\MioNetManager.exe
PRC - [2005/07/12 20:57:42 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe
PRC - [2004/06/04 00:09:14 | 000,045,161 | ---- | M] () -- C:\Program Files (x86)\MioNet\jvm\bin\MioNet.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 17:01:22 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/09 17:00:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 17:00:40 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/09 17:00:29 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 17:00:22 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/08 22:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/09/10 18:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/08/21 18:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/08/20 03:37:09 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/20 03:30:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll
MOD - [2013/08/20 03:29:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/20 03:29:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/20 03:29:09 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/20 03:28:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 10:48:48 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 10:47:58 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll
MOD - [2013/07/10 10:47:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/01/12 16:47:38 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012/02/14 19:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Eli\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/05/26 04:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
MOD - [2005/07/12 20:57:42 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Philips\SPC 300NC PC Camera\TrayMin300.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 14:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/25 12:39:01 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/09 08:05:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/18 12:51:02 | 000,106,472 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 17:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/06/21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/01/07 16:10:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2005/07/15 16:38:33 | 000,139,264 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\MioNet\MioNetManager.exe -- (MioNet)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/17 16:33:40 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/09/17 16:31:12 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 14:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/14 18:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/24 15:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 01:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/01/07 16:07:33 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/19 12:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/12/22 12:46:28 | 000,432,512 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/05/16 19:03:44 | 000,015,340 | R--- | M] (NT Kernel Resources) [Kernel | Boot | Unknown] -- C:\Windows\SysWow64\drivers\ndisrd.sys -- (NDISRD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{1235B3BB-2B63-4F90-BA16-37F536739926}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{BFE680F5-69D4-4A76-A974-C15503F8F00B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1235B3BB-2B63-4F90-BA16-37F536739926}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFE680F5-69D4-4A76-A974-C15503F8F00B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21983
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\{17013DA4-ABD2-4D5B-828B-2EC71CAFD2B4}: "URL" = http://www.bing.com/search?FORM=U040DF&PC=U040&dt=080113&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS374
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\{D75FC124-029F-42CD-8D92-6F11294ECB91}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\SearchScopes\580C66D222804DCD96942DB765DD2B93: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555

IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome_first&locale=en_US&c=94&bd=bestbuy&pf=cndt
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
IE - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\..\SearchScopes,DefaultScope =
 
========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Eli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/25 12:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/27 20:55:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Eli\AppData\Local\GreatArcadeHits\gahff.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/25 12:39:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/27 20:55:30 | 000,000,000 | ---D | M]

[2012/05/31 10:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Extensions
[2013/10/27 21:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions
[2013/02/12 17:13:29 | 000,000,000 | ---D | M] (GetSavin) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\getsavin@jetpack
[2013/03/17 16:08:55 | 000,000,000 | ---D | M] (Web Backup Drop Pad) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\Strongvault@Strongvault.com
[2013/10/25 12:41:57 | 000,833,307 | ---- | M] () (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2013/10/25 12:27:06 | 000,348,414 | ---- | M] () (No name found) -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi
[2013/10/25 10:39:22 | 000,003,746 | ---- | M] () -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\safeguard-secure-search.xml
[2013/07/31 09:17:44 | 000,000,915 | ---- | M] () -- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\jm0lgp1m.default\searchplugins\yahoo.xml
[2013/10/25 12:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/25 12:38:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/25 12:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/25 12:38:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/25 12:39:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/25 12:38:30 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
File not found (No name found) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\17.0.0.12
File not found (No name found) -- C:\USERS\ELI\APPDATA\LOCAL\GREATARCADEHITS\GAHFF.XPI
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\{97A78363-B868-4B48-AC91-A783A31215AF}
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\ADDON@FREECORDER.COM
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\CROSSRIDERAPP4479@CROSSRIDER.COM
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
File not found (No name found) -- C:\USERS\ELI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JM0LGP1M.DEFAULT\EXTENSIONS\TIDYNETWORK@TIDYNETWORK
[2012/09/15 20:32:26 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/10/25 10:37:25 | 000,003,746 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Adblock Plus = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Night Time In New York City = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_1\
CHR - Extension: Quick Note = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0\
CHR - Extension: Gmail = C:\Users\Eli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/27 18:20:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5F815AD7-A955-4943-91C4-7A96C2932399} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.exe (BIGDOG)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Akamai NetSession Interface] C:\Users\Eli\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Facebook Update] C:\Users\Eli\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Eli\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008..\Run: [uTorrent] C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1080744780-1357818022-3563604407-1008\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/22 16:26:31 | 000,018,132 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/27 21:01:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/27 20:44:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/27 18:22:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/27 18:22:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/27 18:02:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/10/27 17:59:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/27 17:59:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/27 17:59:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/27 17:59:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/27 17:58:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/27 12:12:24 | 000,000,000 | ---D | C] -- C:\Users\Eli\Desktop\Broni
[2013/10/27 11:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/10/27 11:29:26 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/10/27 11:21:45 | 000,000,000 | ---D | C] -- C:\Windows\snack
[2013/10/26 22:50:57 | 000,000,000 | ---D | C] -- C:\Users\Eli\Desktop\English Papers
[2013/10/26 22:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/26 22:30:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/26 22:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/25 12:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/25 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Eli\Documents\League of Legends
[2013/10/25 10:32:41 | 000,000,000 | ---D | C] -- C:\Users\Eli\Documents\Jobs
[2013/10/21 20:45:26 | 000,000,000 | ---D | C] -- C:\321403204fe272438589fd
[2013/10/20 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
[2013/10/20 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Eli\AppData\Roaming\SanDisk
[2013/10/19 20:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2013/10/19 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2013/10/19 20:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2013/10/19 17:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/19 17:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/19 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/16 08:03:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Hotspot Shield
[2013/10/15 21:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/10/15 21:27:31 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/10/14 17:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2013/10/14 17:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2013/10/13 18:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalReaders
[2013/10/13 18:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NaturalSoft
[2013/10/06 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/10/06 18:48:33 | 000,000,000 | ---D | C] -- C:\Users\Eli\AppData\Roaming\GRETECH
[2013/10/06 18:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
[2013/10/05 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Eli\exoriacache
[2013/10/04 21:57:34 | 000,000,000 | ---D | C] -- C:\Users\Eli\Documents\Scratch Projects
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/27 21:05:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 21:05:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/27 21:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/27 20:57:38 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/27 20:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/27 20:57:10 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/27 20:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/27 19:50:07 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008UA.job
[2013/10/27 19:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1080744780-1357818022-3563604407-1008Core.job
[2013/10/27 18:20:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/27 11:29:26 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/10/27 11:19:38 | 000,000,024 | ---- | M] () -- C:\Users\Eli\random.dat
[2013/10/27 11:13:31 | 000,000,040 | ---- | M] () -- C:\Users\Eli\exoria_cl_exoria_LIVE.dat
[2013/10/26 22:30:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/26 17:13:17 | 000,000,258 | RHS- | M] () -- C:\Users\Eli\ntuser.pol
[2013/10/25 10:24:20 | 000,000,798 | ---- | M] () -- C:\Windows\unins000.dat
[2013/10/25 10:24:16 | 000,640,957 | ---- | M] () -- C:\Windows\unins000.exe
[2013/10/24 15:21:39 | 000,000,032 | ---- | M] () -- C:\Users\Eli\jagex_cl_runescape_LIVE.dat
[2013/10/22 20:15:10 | 000,000,219 | ---- | M] () -- C:\Users\Eli\Desktop\Dota 2.url
[2013/10/22 16:27:39 | 000,001,337 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013/10/20 21:22:22 | 021,321,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/20 21:22:22 | 007,230,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/20 21:22:22 | 000,006,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/19 21:37:40 | 000,000,023 | ---- | M] () -- C:\Users\Eli\jagexappletviewer.preferences
[2013/10/19 20:07:35 | 000,006,656 | ---- | M] () -- C:\Users\Eli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/15 21:29:21 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/10/15 16:52:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/10 06:35:49 | 000,453,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 17:46:47 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/06 18:48:44 | 000,001,215 | ---- | M] () -- C:\Users\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/10/06 18:48:43 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/27 17:59:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/27 17:59:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/27 17:59:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/27 17:59:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/27 17:59:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/27 11:21:45 | 000,198,656 | ---- | C] () -- C:\Windows\SysNative\drivers\WUDFRd.sys.dump
[2013/10/26 22:30:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 10:37:48 | 000,000,258 | RHS- | C] () -- C:\Users\Eli\ntuser.pol
[2013/10/25 10:24:20 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
[2013/10/25 10:24:20 | 000,237,568 | ---- | C] () -- C:\Windows\Matrix Code Emulator.scr
[2013/10/25 10:24:20 | 000,000,798 | ---- | C] () -- C:\Windows\unins000.dat
[2013/10/22 20:15:10 | 000,000,219 | ---- | C] () -- C:\Users\Eli\Desktop\Dota 2.url
[2013/10/22 16:27:39 | 000,001,337 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013/10/15 21:29:21 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/10/14 17:04:25 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm
[2013/10/14 17:04:24 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm
[2013/10/09 17:46:47 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/10/09 17:46:47 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/10/06 18:48:44 | 000,001,215 | ---- | C] () -- C:\Users\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/10/06 18:48:43 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/10/05 19:10:54 | 000,000,040 | ---- | C] () -- C:\Users\Eli\exoria_cl_exoria_LIVE.dat
[2013/05/06 18:00:24 | 000,034,816 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\RZR_0070b1b840a08e750a5517a2ed2c.db
[2013/02/22 13:56:34 | 000,000,042 | ---- | C] () -- C:\Users\Eli\jagex_cl_oldschool_LIVE.dat
[2013/02/12 17:17:10 | 000,004,510 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\CamStudio.cfg
[2013/02/12 17:17:10 | 000,000,408 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\CamShapes.ini
[2013/02/12 17:17:10 | 000,000,408 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\CamLayout.ini
[2013/02/12 17:17:10 | 000,000,046 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\Camdata.ini
[2013/01/07 17:36:38 | 000,000,288 | ---- | C] () -- C:\Users\Eli\AppData\Roaming\.backup.dm
[2012/11/19 17:50:50 | 000,000,044 | ---- | C] () -- C:\Users\Eli\jagex_cl_loginapplet_LIVE.dat
[2012/10/04 19:26:48 | 000,006,656 | ---- | C] () -- C:\Users\Eli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/29 12:35:53 | 000,000,047 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/29 12:35:53 | 000,000,024 | ---- | C] () -- C:\Users\Eli\random.dat
[2012/06/12 10:25:39 | 000,000,023 | ---- | C] () -- C:\Users\Eli\jagexappletviewer.preferences
[2012/06/10 23:00:15 | 000,000,043 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE3.dat
[2012/06/08 21:43:42 | 000,000,043 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE2.dat
[2012/05/31 23:34:26 | 000,000,043 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE1.dat
[2012/05/31 13:00:35 | 000,000,032 | ---- | C] () -- C:\Users\Eli\jagex_cl_runescape_LIVE.dat
[2012/03/26 19:15:55 | 000,006,676 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/03/20 14:18:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/01/05 21:12:18 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\acccore
[2010/05/18 15:52:25 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\Deusty
[2013/08/02 12:43:06 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\LolClient
[2011/01/08 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\NetAssistant
[2009/12/24 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\PictureMover
[2013/02/21 11:46:26 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\TeamViewer
[2009/12/24 03:23:34 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\Template
[2009/12/24 12:31:26 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\WildTangent
[2010/05/27 10:00:58 | 000,000,000 | ---D | M] -- C:\Users\Abraham\AppData\Roaming\WinBatch
[2013/10/08 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\.minecraft
[2012/09/10 17:57:17 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\acccore
[2013/04/12 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Armagetron
[2013/05/27 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Azureus
[2012/08/04 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Bucksbee Loyalty Plugin 100815.b for Chrome
[2013/01/05 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\fltk.org
[2013/02/28 22:39:42 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\ftblauncher
[2013/02/12 22:34:00 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\LogSys
[2013/01/31 08:01:36 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\LolClient
[2013/05/11 23:54:28 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\MAXON
[2013/05/06 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\MonoDevelop-Unity-2.8
[2013/05/27 15:34:36 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Nico Mak Computing
[2013/10/24 23:24:34 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\OBS
[2013/07/22 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Oracle
[2013/09/06 20:31:54 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Riot Games
[2013/03/03 20:19:47 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Rylstim Screen Recorder
[2013/10/20 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\SanDisk
[2013/01/07 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\SanDisk SecureAccess
[2012/09/14 16:39:53 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Screaming Bee
[2013/05/06 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\stetic
[2013/03/17 20:41:40 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\TeamViewer
[2012/10/04 19:20:45 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\TechSmith
[2013/05/06 19:06:06 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\Unity
[2013/10/27 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Eli\AppData\Roaming\uTorrent
[2010/01/15 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\acccore
[2010/01/08 12:24:54 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\PictureMover
[2013/04/14 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\TeamViewer
[2010/01/11 23:28:31 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\Template
[2012/01/01 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\WildTangent
[2010/05/05 21:23:39 | 000,000,000 | ---D | M] -- C:\Users\Grandma Di-Di\AppData\Roaming\WinBatch
[2013/01/06 20:56:53 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\.minecraft
[2009/12/25 22:07:37 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\acccore
[2010/10/10 00:32:27 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\Deusty
[2013/07/30 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\LolClient
[2009/12/25 21:58:10 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\PictureMover
[2013/02/19 23:15:16 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\TeamViewer
[2010/01/04 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\Template
[2010/05/30 17:59:53 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\WildTangent
[2010/01/06 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Gretchen\AppData\Roaming\WinBatch
[2012/09/07 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\.minecraft
[2009/12/24 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\acccore
[2010/07/21 00:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\GARMIN
[2009/12/24 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\PictureMover
[2009/12/28 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\Template
[2012/05/16 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\TS3Client
[2010/12/21 11:15:16 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\WildTangent
[2010/01/04 20:00:49 | 000,000,000 | ---D | M] -- C:\Users\Jed\AppData\Roaming\WinBatch
[2012/05/26 08:55:16 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\.minecraft
[2010/05/03 15:28:28 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\acccore
[2011/11/14 19:54:08 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\com.Shutterfly.ExpressUploader
[2009/12/31 10:25:06 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\PictureMover
[2010/01/10 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\Template
[2012/01/02 12:00:34 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\WildTangent
[2010/05/12 19:19:18 | 000,000,000 | ---D | M] -- C:\Users\Veronica\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 10/27/2013 21:20:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Eli\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 63.97% Memory free
11.50 Gb Paging File | 8.95 Gb Available in Paging File | 77.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 367.32 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.18 Gb Free Space | 18.17% Space Free | Partition Type: NTFS

Computer Name: BUNDLEOFJOY | User Name: Eli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017C5380-36FA-4862-8075-84219DD9EBB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{048FDBB5-E313-45E0-89DF-F7ED7F244291}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0854B639-76E2-448C-9A89-8A6DCB7ABBB2}" = lport=1641 | protocol=6 | dir=in | name=mionet remote drive verification |
"{2F6E8BF8-1B8A-4773-8909-A4F9E908210A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3DA4E1EF-F9AB-482C-B9B3-E23B8E12C267}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4E6BFF08-A4C9-4038-AE7D-AC71E129C164}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F10C8F1-4680-4BBB-89E4-BDED390481CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{595C750D-A44E-4E06-AF83-B5342DDE4280}" = rport=445 | protocol=6 | dir=out | app=system |
"{606E11C8-6B19-4556-952D-747D76E81E0B}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B323F27-C864-40B7-8EB7-02F2D94BF712}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6C8B8C05-7CA4-4BA6-A066-FD928847C6F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EBA2F6F-6ADC-494F-BE69-7875346184F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8056738B-3AD2-4FC4-B8C2-36DAE29F15F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{87CFCD82-FEC2-4BD5-AD80-B7D0D365930F}" = rport=138 | protocol=17 | dir=out | app=system |
"{91378E59-C69F-45F7-9618-74B7F106520D}" = lport=139 | protocol=6 | dir=in | app=system |
"{944CCF6B-539A-47B3-B18D-DA823AFE92B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{998903B7-504C-4316-8440-4AE113C3772C}" = lport=1700 | protocol=6 | dir=in | name=mionet remote drive access |
"{A3B0231D-CF7C-44ED-94E9-35A08AD88B24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF9513C1-A926-4972-A670-3C44B7605B1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{BEF31935-4006-41C0-8258-48BD4A55ACC2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CD022D9E-AC3D-421B-9430-7B4916859AFC}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0899E79-7FD2-4F70-8FA6-C926026117C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{D487654D-6DD2-4DC4-B37B-2398FC621193}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF324B48-EC81-4099-A289-F786AF898318}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0E5BA39-8FC0-407F-A60C-B530655CE3EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5343616-D8B1-4652-B70B-271026645722}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFCC8058-44BF-45F2-AD35-30C9B4D200A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050E09D6-53F7-4752-B904-55C67B972DF1}" = protocol=17 | dir=in | app=c:\users\eli\appdata\roaming\utorrent\utorrent.exe |
"{06F1634B-371F-4900-BE1C-AA3C151C36F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{072A1C14-D3D6-4A15-BD05-1A0167C7EBCA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{0AD0E2E7-3514-4E01-9826-FB72D12D5582}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B6C1B97-29F9-4C17-A9B0-C64775683006}" = protocol=6 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
"{0E3125EB-F9C7-4FD5-8D72-98E97BA1837C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{10F87007-0F28-45AE-B11E-2697F8F4FA7B}" = protocol=17 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
"{16C7C5AD-9A66-4494-A6D2-7671B84BB830}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{194C54B6-7183-4941-A806-184C7529454C}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1A3B0F1B-079D-456B-B804-EFA4155CAC36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1BD0F490-430B-4F2A-BFF5-E8C06131C81D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{22454D06-D0DA-442F-8B79-A2517310E3A1}" = protocol=6 | dir=in | app=c:\users\eli\appdata\roaming\utorrent\utorrent.exe |
"{23F1CB8B-6609-4F1F-B5FC-24A431012706}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2BA7BE62-2746-419B-853A-549D60F399BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{2D99C7EB-788C-4D1A-A498-E1B9AB3279A2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{2EA9E53D-3507-4D54-9825-9723C62D09BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{332F27B5-056C-43B8-A1C5-C6B55253BB09}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{347A5211-6F4C-411E-9067-B89801857288}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{357EA1B7-B059-4336-95F8-D4200184A2CB}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"{37431D5E-26AC-4C2B-995C-6C6E84A660F9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{39A65EF9-4308-4DDD-95AF-7EC69FEB802F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{3C1D4F39-295D-4826-A366-6F423A99563F}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"{44C01921-B7F0-4672-B6FC-1A6003C6224B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{47B568A3-380A-4CB8-AE5B-EBDCDEB36F72}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4A253D14-4DD4-4D0F-B41A-DDA22DABB34C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{4B5C78E2-959B-46E3-8D74-E2BDB8FA6570}" = protocol=6 | dir=out | app=system |
"{4C1ABD67-8CC1-46A0-8FB1-46105A6F6A91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{4E1FDABC-D3CD-426C-A16F-4CB9534BF62E}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5181F7DE-5F6F-46D2-A38F-AA63DB94CB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{5A21449A-9ECD-42BE-9F7A-79ADC558E907}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5B82CB9C-8EBE-4505-A042-0C418A24E2B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\launcher.exe |
"{5C50676E-569A-46DF-9495-A9DDFD2A7013}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{604DA2FB-BB5C-4508-B344-9D3D77923EB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{618CC154-AAB0-4186-B244-4BB9EBA68D53}" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"{624D1A63-BABC-4402-BD2A-DCC9DBB2BB20}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{67AF9431-6C04-494D-8EA4-3110E156140E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{68175F1A-ECB6-4FBF-BA0C-952ECC8C9990}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6ACE80BE-72ED-4DF7-8E8D-B1CA5BD2DE77}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6D256FC0-CD7C-453C-A7A5-1E0D45740BC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73103B2D-EA2E-4037-B9F9-AA2E9203D38A}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{73540F21-4D91-4C96-AED1-C2E82C751C62}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{746F7327-DECA-4777-B76E-A282DF9787D9}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{8157B522-6D61-4573-8CE1-35EE35B1ECA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8182104F-32A8-43A8-9DA5-F7A5386083A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{862AFB70-51E0-4527-A271-8089B56E8C4F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{8BE37FAE-56F8-40DA-89DA-3807EF2A94CE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8BFA6AC3-F803-4639-A589-CB6C78064D4F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{8CAE016E-5CF5-467D-8F5D-73A21B82905B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CEA4AEB-758D-4995-BECF-E4427A15FB2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E080CF5-5EAE-4213-B4D4-ADF31C764573}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{8FF826D8-61AA-4938-9796-166B111755FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{904BC22B-5D32-4099-A21A-A6C71CC174D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\aamfp.exe |
"{91E60895-D32E-4FE6-888C-509F75A5F7F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9218C921-DAAE-4582-86C0-4163F8EC6D64}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A3FCE395-38DB-4A29-A9DF-740B8AD6BD55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{A46977CF-9B6F-441B-A0FD-CFEF7B473B78}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A92C0769-CFDC-4D64-AFD5-D1D886C5AF92}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{AAE0048F-4446-4AED-9153-3B640F3A7BE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B06F8293-1321-4CEB-92E5-8C392AA882BB}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B20FDF14-259A-44FA-928D-EAD3FEEAB9D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{B4415507-666B-4A3D-8CFC-170EFF83D875}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{B494439A-9BEB-48F6-A087-719F9958E38C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{B8984FDB-AAAC-43D2-A120-B575CCE162A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\aamfp.exe |
"{BA2BEE6F-E326-4D09-AABC-BD011D6FE587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BCAB4D33-AEC3-441D-B390-59111134F2BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BE5095F0-BA24-47B7-80C0-32296509ECE4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF42186E-FDE8-446C-8874-5907F609AAFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0B51E5A-AC85-4249-B43A-2E4B4083B638}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{C14F40E2-0211-4FC3-A025-239DAD448ACF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2EADB2B-F182-4706-905D-7B6082ED6A23}" = dir=in | app=c:\users\eli\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{C4A2B833-6482-4B83-BA56-98555DDEC37C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{CE4C27A3-2B4D-456F-9815-16CCF95DB193}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{D7EAD038-DA07-4098-A461-C6C2514AFBD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DC5F1B77-0E02-4360-9896-C7AE6F55EFA4}" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"{DD43D10B-6AE5-4D5B-AD52-4EDB05D552A2}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{DE6F8282-7B09-49E5-8632-D91EA359CB7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E754873C-3B45-418C-9129-A5DA6AC23A57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\machine for pigs\launcher.exe |
"{E7DECE07-327D-48EB-AE3B-FD30E6B9870B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EA0A3A4E-2E3E-455F-8C6B-F661C633288F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB1C04C7-9B3A-4A67-A3E5-66DCCE9F3192}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{EEC113AF-2498-4253-A66E-443C7D373A89}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F8578D2E-3E80-4FE2-8C82-938A26553736}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{FF2ECD1E-BD42-44DB-AB73-C61F5480EB99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FF2FA4EB-3150-415A-978B-91723EBA63AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1F6C2BD1-B454-4243-8B1C-35AA261407F8}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |
"TCP Query User{22538201-C260-40D4-AD9B-55514EDA967D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{24068793-CE32-4E2D-9D62-F29A9C0D41B7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{2D8668C9-663C-4450-A794-FE4E60E30499}C:\program files (x86)\armagetron advanced\armagetronad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
"TCP Query User{45D250A5-7E52-4348-A4F2-599FC19A6BA9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{69A2709D-6178-4976-A627-796FF17B4F76}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6B1442A5-1451-46F1-8B9A-9FAE8D4975B0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{7569EA93-3A28-45EB-986B-8F4929B7AB4F}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"TCP Query User{8A12BC26-4CEF-41A3-934D-5B2BDB817C07}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
 
"TCP Query User{97245264-CEA7-41ED-9D42-48BF3F62FCAB}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"TCP Query User{B62D02EE-7621-42FF-80C5-3E8ECCF0D857}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{B814E2DA-F942-4E3B-BAE3-9F680753C321}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{DD208215-4618-4D8F-AA75-E188DB2FDCA7}C:\users\eli\google drive\utorrent download(s)\utorrent.exe" = protocol=6 | dir=in | app=c:\users\eli\google drive\utorrent download(s)\utorrent.exe |
"TCP Query User{E1B03B37-1DDC-4400-9CCE-F617CCF61D13}C:\users\eli\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\eli\desktop\utorrent.exe |
"TCP Query User{F71D6C40-3704-4BA3-B6C6-42C3E379B48A}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FBD856BA-0F0E-44D7-88BF-41268634DDA8}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"UDP Query User{206935D1-FAC3-4CB8-AF79-9E4A34FE9C81}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\monodevelop\bin\monodevelop.exe |
"UDP Query User{270DD85C-A8D3-43FD-AC83-9FE1EF7CA33B}C:\program files (x86)\armagetron advanced\armagetronad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\armagetron advanced\armagetronad.exe |
"UDP Query User{2B460557-0BB6-4D5A-B3AE-E86348B882EA}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |
"UDP Query User{413AEC22-361D-42F9-8748-04BAD27CF73E}C:\users\eli\google drive\utorrent download(s)\utorrent.exe" = protocol=17 | dir=in | app=c:\users\eli\google drive\utorrent download(s)\utorrent.exe |
"UDP Query User{447D410F-F8B1-4486-8A20-AB094AB2FE8A}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{60078C13-CE78-46BD-B104-576697A7A698}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{6A3B03D4-8869-4950-A18E-31572202D8E0}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{6DD372D7-3C77-4DD1-B842-F98D606E7F6E}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{7C7DD84F-83BE-48FA-9A99-AD199E393CE8}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"UDP Query User{9533A1B1-5AAB-43D3-AE67-F8548576963A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{A57E96F0-34A6-4CE9-ADB9-1D53AA6F9199}C:\users\eli\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\eli\desktop\utorrent.exe |
"UDP Query User{C41D2473-A92B-461B-9123-308ADD66B862}C:\program files (x86)\deusty\mojo\mojo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deusty\mojo\mojo.exe |
"UDP Query User{C6B00EB2-DB5D-46F4-BCDC-54413BDAA06C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{CA3476C5-D394-44F6-90F7-F2B08BCB485E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{D0E23271-0017-4461-9584-FA1B86C38796}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{DC974569-D317-4140-8901-B180697574CC}C:\users\eli\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\eli\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PerformanceTest 8_is1" = PerformanceTest v8.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0214578F-4888-43FB-9E34-C14FCFDEDDEB}" = Razer Nostromo
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{269A4095-DB55-4D35-8FD0-39957D26BEEC}" = Philips VLounge
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD521EA9-7D08-403D-A830-38ECD1F76C38}" = MOVband SYNC
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12A328A-7F9C-48FB-9E98-F51549FEC2B6}" = Philips SPC 300NC PC Camera
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F7616580-DB3E-46e1-ADC9-B83DFE059D5A}" = Advanced ID Creator
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AIM Toolbar" = AOL Messaging Toolbar
"AIM_7" = AIM 7
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.2
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"Bucksbee Loyalty Plugin 100815.b for Chrome" = Bucksbee Loyalty Plugin 100815.b for Chrome
"CINEMA 4D R14" = CINEMA 4D R14
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"DealCabby" = DealCabby
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"Free RAR Extract Frog" = Free RAR Extract Frog
"GetSavin" = GetSavin
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Homepage Protection" = Homepage Protection
"HotspotShield" = Hotspot Shield 3.17
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"MioNet" = MioNet
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Razer Game Booster_is1" = Razer Game Booster
"Scratch" = Scratch
"SIPPS!UninstallKey" = SIPPS
"Steam App 4000" = Garry's Mod
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"TeamViewer 8" = TeamViewer 8
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite" = Windows Live Essentials
"XviD Video Codec" = XviD Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1080744780-1357818022-3563604407-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Akamai" = Akamai NetSession Interface
"Audio Converter" = Audio Converter
"Half-Life 2" = Half-Life 2
"Search Protection" = Search Protection
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 7/14/2010 17:09:50 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/14/2010 17:09:51 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/21/2010 17:04:34 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/21/2010 17:04:34 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/21/2010 17:05:44 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/23/2010 22:11:29 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/23/2010 22:11:30 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/5/2010 10:29:20 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/5/2010 10:29:21 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/5/2010 11:00:20 | Computer Name = BundleofJoy | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)


< End of report >
 
Back