Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015
Ran by yeehow (administrator) on LIEW-F1417587CB (21-08-2015 11:06:45)
Running from C:\Documents and Settings\yeehow\My Documents\Downloads
Loaded Profiles: yeehow (Available Profiles: yeejin & yeehow & yeezhian & mayliew & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
(InterVideo Inc.) C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\SLManagerEasy\Inputps.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) D:\Accounting\MS SQL Server 2005E\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\Program Files\igfx32\igfx32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
() C:\Documents and Settings\yeehow\Local Settings\Application Data\Zaamzim.exe
() C:\Program Files\Garena Plus\gaa\Garena Plus\GarenaMessenger.exe
() C:\Program Files\Garena Plus\gaa\Garena Plus\ggdllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\BBTalk.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Solid State Networks) C:\Program Files\GarenaLoL\GameData\Apps\LoL\lol.exe
() C:\Program Files\GarenaLoL\GameData\Apps\LoL\Air\LolClient.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Documents and Settings\yeehow\My Documents\Downloads\avast_free_antivirus_setup.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\DOCUME~1\yeehow\LOCALS~1\Temp\_av_iup.tm~a04632\instup.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [APSDaemon] => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2003-10-31] (Cyberlink Corp.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-08-15] (RealNetworks, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start
http://www.avg.com/ww.special-unins...QAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANwAxAD (the data entry has 349 more characters).
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [QuickTime Task] => "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [BIBLauncher] => C:\Program Files\Business-in-a-Box\BIBLauncher.exe
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [GarenaPlus] => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\ExtTag\DonZozstring.dll => C:\Documents and Settings\All Users\Application Data\ExtTag\DonZozstring.dll [128000 2015-08-20] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk [2014-05-23]
ShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
Startup: C:\Documents and Settings\mayliew\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\yeehow\Application Data\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Documents and Settings\yeejin\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk [2010-05-22]
ShortcutTarget: My_AutoWarkey_Script.lnk -> C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe (No File)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
www.msn.com/?ocid=OIE8HP&PC=B8DF
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://
www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.1.0.18
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXeXvOb402ijbbUMLfpacHKe8blXdRdbMIfcPPE-Cjul7SoRMLYo6aiCwCtMt82G3yLVICWyN5l7upEft
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
www.msn.com/?ocid=OIE8HP&PC=B8DF
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.claro-search.com/?affID=115131&tt=3312_3&babsrc=HP_iclro&mntrId=785171670000000000001c7ee55da9f4
HKU\S-1-5-21-1708537768-484763869-1801674531-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\windows\system32\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={403C707D-A3BE-4D18-9432-1FB647272D88}&mid=692f4a65ca390ea81945f4c38f34ac5d-4a610747be0eed310e2c10440192e4236e074e76&lang=us&ds=AVG&pr=fr&d=2011-12-01 22:06:32&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {A6D5CBCB-40D4-421C-A70A-9FE2BE56E997} URL = hxxp://
www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://
www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=kwmusic_adr
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74
SearchScopes: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu88rfnCUFXHGLyfJA1YpvE8NSQmAk8nOYLBli3sMfAXaBrc2WIch5Ua14DyMXwWsXelLdiqOrFgkxLDSn07P5iL0NCtETSs0dWN574LredoBOgF8_8wzgb9Phtg8VvJFRvFaEX8qm_xs_y8E&q={searchTerms}
BHO: Claro LTD Helper Object -> {000F18F2-09EB-4A59-82B2-5AE4184C39C3} -> C:\Program Files\Claro LTD\claro\1.6.4.1\bh\claro.dll [2012-07-09] (Montera Technologeis LTD)
BHO: Yahoo! Companion BHO -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: No Name -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: DigiSaveR -> {4f4124cd-09cb-4c08-9156-2d6e15f2c7a1} -> C:\Program Files\DigiSaveR\WGcH3saZaEX9KY.dll No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Rich Media Downloader -> {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -> C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll [2013-04-16] (Radiocom CJSC)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
BHO: Rich Media Player -> {FEB703F7-E7B2-4AB0-9566-87658AC70095} -> C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll [2013-03-12] ()
Toolbar: HKLM - &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM - Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.6.4.1\claroTlbr.dll [2012-07-09] (Montera Technologeis LTD)
Toolbar: HKLM - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
Toolbar: HKU\S-1-5-21-1708537768-484763869-1801674531-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Filter: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{26CEE3C0-771A-4FC4-82B3-8AE14B3A351F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8AB78108-20E8-4B8E-974B-DB58DDC07083}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default
FF DefaultSearchEngine: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: C:\Documents and Settings\All Users\Application Data\ExtTags\ff.HP
FF Keyword.URL: hxxp://websearch.thesearchpage.info/?pid=2356&r=2015/01/14&hid=11438438565546579678&lg=EN&cc=MY&unqvl=74&l=1&q=
FF NewTab: C:\Documents and Settings\All Users\Application Data\ExtTags\ff.NT
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-03] (Pando Networks)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-19] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-19] (globalUpdate)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\gaa\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-07-07] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1708537768-484763869-1801674531-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\yeehow\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1708537768-484763869-1801674531-1004: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-04-03] (Pando Networks)
FF user.js: detected! => C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\user.js [2012-08-17]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2014-08-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-03-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2013-03-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2014-08-15] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011-10-27] (Nullsoft, Inc.)
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\Ask.xml [2013-09-25]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\findit.xml [2015-08-20]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\safesearch.xml [2015-07-03]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\search-here.xml [2015-07-29]
FF SearchPlugin: C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\searchplugins\WebSearch.xml [2015-02-15]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2011-09-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml [2013-09-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-03-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-08-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2011-09-14]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2013-05-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\findit.xml [2015-08-20]
FF Extension: SavePass 1.1 - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-08-19]
FF Extension: BestSavEFaorYoue - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\99ZsY@mz.net [2015-02-15]
FF Extension: DisscountExteansi - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\eyj1uHM@w6Z.com [2015-02-15]
FF Extension: youtubeadblocker - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\HmRtL027Xm@A.com [2015-02-15]
FF Extension: JOONeiCeoupon - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\kYw@V6y.org [2015-02-15]
FF Extension: uunisales - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\QS@A8Ra1UO7.com [2015-02-15]
FF Extension: youtubeadblocker - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\T1@Y.org [2015-07-03]
FF Extension: Fun2Savve - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\tMwuQDrDv@2.org [2015-02-15]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-21]
FF Extension: New tab - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{22DA3B04-FD20-3544-DA68-52829EE1CE45} [2014-01-12]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-09-11]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-07-08]
FF Extension: Default Tab - C:\Documents and Settings\yeehow\Application Data\Mozilla\Firefox\Profiles\1h8v49z0.default\Extensions\addon@defaulttab.com.xpi [2013-09-25]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2013-12-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-04]
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-05]
FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox
FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-06-11]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-01]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{3DF4B26D-DB19-45DF-962A-6719D071245B}] - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}
FF Extension: Rich Media Player extension - C:\Documents and Settings\mayliew\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013-05-25]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-15]
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-08-21]