For about a month, this Windows 7 desktop computer has been experiencing issues and has been unable to use Google Chrome. The browser loads with a blank white screen and no sites or settings will appear on screen. Upon further examination, this computer also had several unnecessary toolbars and other software installed. Using a combination of Microsoft Security Essentials, Malwarebytes Anti-Malware, and ESET Online Scanner many possible threats were removed, but the computer is still experiencing issues and Google Chrome's behavior remains unchanged. Any help you could provide in resolving these issues would be appreciated. Thank you in advance.
Solved Possible Adware/Malware, No Longer Able to Run Google Chrome
- Thread starter KyleP
- Start date
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.06.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sean :: SEAN44 [administrator]
1/6/2014 8:00:15 PM
mbam-log-2014-01-06 (20-00-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221061
Time elapsed: 2 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Sean at 20:22:35 on 2014-01-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8075.4784 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Users\Sean\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?tpid=BCPA3&o=APN10476&pf=V7&trgb=&p2=%5EAL1%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EAL1&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_26.0.1410.64&apn_uid=685B2D70-810D-498D-B166-7470CEDB7867&itbv=11.8.1.233&doi=2013-05-14&psv=
mStart Page = hxxp://www.google.com
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
dURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [ASRockXTU] <no file>
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{54EFF3C1-19CF-43F0-9E12-3EFEFE15388F} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{54EFF3C1-19CF-43F0-9E12-3EFEFE15388F}\1417571686F6C6963637 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\skc4df~1.enh\psupport.dll c:\progra~2\websea~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} -
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} -
x64-BHO: SearchNewTab: {2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} -
x64-BHO: ssurf AnD keep: {337262F8-5207-1CF5-97A4-D89CAF8D9788} -
x64-BHO: YoutubeAdblocker: {423A284C-120C-A709-784F-DEC29D3A0DDD} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: SearchNewTab: {93625CB0-137D-155C-A14B-7061D9F99A9F} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-12-07 14:38; image-blocker@erikvold.com; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\image-blocker@erikvold.com.xpi
FF - ExtSQL: 2013-12-07 14:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-12-07 14:44; kabl@trac.arantius.com; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\kabl@trac.arantius.com.xpi
FF - ExtSQL: 2013-12-07 14:44; gmailnoads@mywebber.com; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-12-07 14:44; adblockpopups@jessehakanen.net; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-12-10 12:53; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-5-13 31016]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-5-11 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-5-11 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-13 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-5-13 17192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-12 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-5-11 16648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-16 241152]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-11 14904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-5-11 129856]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-11 166720]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-11 365344]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-22 23552]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-11 342528]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-13 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-13 788760]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-5-11 32344]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2013-5-17 1047144]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-5-13 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-5-12 32320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-13 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-06 23:02:47 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF5800FD-E453-445B-960E-D1A3E0826707}\offreg.dll
2014-01-06 23:01:25 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-06 18:03:11 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-01-06 16:11:20 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-06 16:02:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\Malwarebytes
2014-01-06 16:02:32 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-06 16:02:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-06 16:02:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-06 15:45:57 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-01-06 06:19:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF5800FD-E453-445B-960E-D1A3E0826707}\mpengine.dll
2014-01-03 19:00:20 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-22 00:52:56 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-12-22 00:52:46 -------- d-----w- C:\Users\Sean\AppData\Local\Oblivion
2013-12-17 19:55:05 -------- d-----w- C:\Users\Sean\AppData\Local\LogMeIn Hamachi
2013-12-17 19:55:05 -------- d-----w- C:\Users\Sean\AppData\Local\LogMeIn
2013-12-17 19:55:05 -------- d-----w- C:\ProgramData\LogMeIn
2013-12-17 19:53:52 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-17 16:42:40 -------- d-----w- C:\Program Files (x86)\Assassins Creed IV Black Flag
2013-12-17 03:04:26 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2013-12-12 09:04:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 09:04:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:04:33 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 09:04:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 09:26:51 335360 ----a-w- C:\Windows\System32\msieftp.dll
.
==================== Find3M ====================
.
2014-01-06 23:01:25 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-01-06 22:39:06 291944 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-06 18:03:18 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-15 09:05:30 1754928 ----a-w- C:\Windows\System32\dmwu.exe
2013-10-15 08:59:58 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 20:22:39.89 ===============
www.malwarebytes.org
Database version: v2014.01.06.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sean :: SEAN44 [administrator]
1/6/2014 8:00:15 PM
mbam-log-2014-01-06 (20-00-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221061
Time elapsed: 2 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Sean at 20:22:35 on 2014-01-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8075.4784 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Users\Sean\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.ask.com/?tpid=BCPA3&o=APN10476&pf=V7&trgb=&p2=%5EAL1%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EAL1&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_26.0.1410.64&apn_uid=685B2D70-810D-498D-B166-7470CEDB7867&itbv=11.8.1.233&doi=2013-05-14&psv=
mStart Page = hxxp://www.google.com
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
dURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [ASRockXTU] <no file>
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{54EFF3C1-19CF-43F0-9E12-3EFEFE15388F} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{54EFF3C1-19CF-43F0-9E12-3EFEFE15388F}\1417571686F6C6963637 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\skc4df~1.enh\psupport.dll c:\progra~2\websea~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Plus-HD-1.3: {11111111-1111-1111-1111-110311121157} -
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} -
x64-BHO: SearchNewTab: {2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} -
x64-BHO: ssurf AnD keep: {337262F8-5207-1CF5-97A4-D89CAF8D9788} -
x64-BHO: YoutubeAdblocker: {423A284C-120C-A709-784F-DEC29D3A0DDD} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: SearchNewTab: {93625CB0-137D-155C-A14B-7061D9F99A9F} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-12-07 14:38; image-blocker@erikvold.com; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\image-blocker@erikvold.com.xpi
FF - ExtSQL: 2013-12-07 14:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-12-07 14:44; kabl@trac.arantius.com; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\kabl@trac.arantius.com.xpi
FF - ExtSQL: 2013-12-07 14:44; gmailnoads@mywebber.com; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-12-07 14:44; adblockpopups@jessehakanen.net; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-12-10 12:53; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-5-13 31016]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-5-11 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-5-11 28216]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-13 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-5-13 17192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-12 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-5-11 16648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-16 241152]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-11 14904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-5-11 129856]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-11 166720]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-11 365344]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-22 23552]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-11 342528]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-13 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-13 788760]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-5-11 32344]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-1-23 13368]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2013-5-17 1047144]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-5-13 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-5-12 32320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-13 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-06 23:02:47 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF5800FD-E453-445B-960E-D1A3E0826707}\offreg.dll
2014-01-06 23:01:25 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-06 18:03:11 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-01-06 16:11:20 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-06 16:02:46 -------- d-----w- C:\Users\Sean\AppData\Roaming\Malwarebytes
2014-01-06 16:02:32 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-06 16:02:29 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-06 16:02:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-06 15:45:57 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-01-06 06:19:13 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FF5800FD-E453-445B-960E-D1A3E0826707}\mpengine.dll
2014-01-03 19:00:20 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-22 00:52:56 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-12-22 00:52:46 -------- d-----w- C:\Users\Sean\AppData\Local\Oblivion
2013-12-17 19:55:05 -------- d-----w- C:\Users\Sean\AppData\Local\LogMeIn Hamachi
2013-12-17 19:55:05 -------- d-----w- C:\Users\Sean\AppData\Local\LogMeIn
2013-12-17 19:55:05 -------- d-----w- C:\ProgramData\LogMeIn
2013-12-17 19:53:52 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-17 16:42:40 -------- d-----w- C:\Program Files (x86)\Assassins Creed IV Black Flag
2013-12-17 03:04:26 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2013-12-12 09:04:34 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 09:04:34 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:04:33 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 09:04:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 09:26:51 335360 ----a-w- C:\Windows\System32\msieftp.dll
.
==================== Find3M ====================
.
2014-01-06 23:01:25 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-01-06 22:39:06 291944 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-06 18:03:18 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-15 09:05:30 1754928 ----a-w- C:\Windows\System32\dmwu.exe
2013-10-15 08:59:58 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
.
============= FINISH: 20:22:39.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2013 7:42:09 AM
System Uptime: 1/6/2014 5:00:59 PM (3 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 244.094 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 1/6/2014 12:18:51 AM - Windows Update
RP123: 1/6/2014 9:47:46 AM - Revo Uninstaller's restore point - Ask Toolbar
RP124: 1/6/2014 11:59:43 AM - Installed DirectX
RP125: 1/6/2014 5:16:48 PM - Revo Uninstaller's restore point - DMUninstaller
RP126: 1/6/2014 5:19:07 PM - Revo Uninstaller's restore point - Internet Explorer Toolbar 4.8 by SweetPacks
RP127: 1/6/2014 5:20:03 PM - Revo Uninstaller's restore point - Internet Explorer Toolbar 4.8 by SweetPacks
RP128: 1/6/2014 5:21:21 PM - Revo Uninstaller's restore point - InternetHelper3.1 Toolbar
RP129: 1/6/2014 5:22:11 PM - Revo Uninstaller's restore point - IObit Apps Toolbar v8.5
RP130: 1/6/2014 5:22:26 PM - Removed IObit Apps Toolbar v8.5.
RP131: 1/6/2014 5:23:57 PM - Revo Uninstaller's restore point - NewFreeScreensaver nfsAutumnCame
RP132: 1/6/2014 5:24:45 PM - Revo Uninstaller's restore point - PunkBuster Services
RP133: 1/6/2014 5:25:34 PM - Revo Uninstaller's restore point - RapidFinda
RP134: 1/6/2014 5:26:42 PM - Revo Uninstaller's restore point - Search Assistant WebSearch 1.74
RP135: 1/6/2014 5:27:44 PM - Revo Uninstaller's restore point - SK.Helper 1.74
RP136: 1/6/2014 5:28:30 PM - Revo Uninstaller's restore point - weDownload Manager Pro
RP137: 1/6/2014 5:30:36 PM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.257
ASRock InstantBoot v1.29
ASRock SmartConnect v1.0.6
ASRock XFast RAM v2.0.9
Assassins Creed IV Black Flag
ASUS USB-N13 WLAN Card Utilities & Driver
Bonjour
Broadcom NetLink Controller
Bundled software uninstaller
Business Contact Manager for Microsoft Outlook 2010
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series MP Drivers
Catalyst Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Thai
CCC Help Turkish
CCleaner
Chivalry: Medieval Warfare
Chivalry: Medieval Warfare Beta
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Core Temp 1.0 RC5
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolphin x86 4.0
ESET Online Scanner v3
Fallout 3
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Far Cry 3
Files Access
Google Chrome
Google Earth
Google Update Helper
Heaven Benchmark version 4.0
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 21 (64-bit)
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
MATLAB R2013a
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Interactive Training Network Version
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Media Content
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Mount & Blade Demo
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.3.1
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nexus Mod Manager
Oblivion
Photo Common
Photo Gallery
PlanetSide 2
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sql Server Customer Experience Improvement Program
Star Wars - Battlefront II
Steam
The Elder Scrolls V Skyrim
TheMatrix Screen Saver version 1.14
THX TruStudio
Unity Web Player
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Uplay
VLC media player 2.0.6
West Point Bridge Designer 2013 (2nd Edition) (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
XFast LAN v6.61
XFastUSB
Yontoo 2.053
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 12:53:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:52:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:52:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:52:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/31/2013 12:42:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:42:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:42:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:41:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/31/2013 10:50:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:49:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:49:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:49:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/31/2013 10:41:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:40:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:40:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:40:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/6/2014 5:01:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
1/2/2014 11:15:59 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/2/2014 11:15:51 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Games\Steam\SteamApps\common\skyrim\EditorWarnings.txt
1/2/2014 10:20:25 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/2/2014 10:19:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/2/2014 10:19:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/2/2014 10:19:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/11/2013 7:42:09 AM
System Uptime: 1/6/2014 5:00:59 PM (3 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 244.094 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 1/6/2014 12:18:51 AM - Windows Update
RP123: 1/6/2014 9:47:46 AM - Revo Uninstaller's restore point - Ask Toolbar
RP124: 1/6/2014 11:59:43 AM - Installed DirectX
RP125: 1/6/2014 5:16:48 PM - Revo Uninstaller's restore point - DMUninstaller
RP126: 1/6/2014 5:19:07 PM - Revo Uninstaller's restore point - Internet Explorer Toolbar 4.8 by SweetPacks
RP127: 1/6/2014 5:20:03 PM - Revo Uninstaller's restore point - Internet Explorer Toolbar 4.8 by SweetPacks
RP128: 1/6/2014 5:21:21 PM - Revo Uninstaller's restore point - InternetHelper3.1 Toolbar
RP129: 1/6/2014 5:22:11 PM - Revo Uninstaller's restore point - IObit Apps Toolbar v8.5
RP130: 1/6/2014 5:22:26 PM - Removed IObit Apps Toolbar v8.5.
RP131: 1/6/2014 5:23:57 PM - Revo Uninstaller's restore point - NewFreeScreensaver nfsAutumnCame
RP132: 1/6/2014 5:24:45 PM - Revo Uninstaller's restore point - PunkBuster Services
RP133: 1/6/2014 5:25:34 PM - Revo Uninstaller's restore point - RapidFinda
RP134: 1/6/2014 5:26:42 PM - Revo Uninstaller's restore point - Search Assistant WebSearch 1.74
RP135: 1/6/2014 5:27:44 PM - Revo Uninstaller's restore point - SK.Helper 1.74
RP136: 1/6/2014 5:28:30 PM - Revo Uninstaller's restore point - weDownload Manager Pro
RP137: 1/6/2014 5:30:36 PM - Revo Uninstaller's restore point - Google Chrome
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.257
ASRock InstantBoot v1.29
ASRock SmartConnect v1.0.6
ASRock XFast RAM v2.0.9
Assassins Creed IV Black Flag
ASUS USB-N13 WLAN Card Utilities & Driver
Bonjour
Broadcom NetLink Controller
Bundled software uninstaller
Business Contact Manager for Microsoft Outlook 2010
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series MP Drivers
Catalyst Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Italian
CCC Help Thai
CCC Help Turkish
CCleaner
Chivalry: Medieval Warfare
Chivalry: Medieval Warfare Beta
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Core Temp 1.0 RC5
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dolphin x86 4.0
ESET Online Scanner v3
Fallout 3
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Far Cry 3
Files Access
Google Chrome
Google Earth
Google Update Helper
Heaven Benchmark version 4.0
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) Smart Connect Technology 2.0 x64
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 21 (64-bit)
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
MATLAB R2013a
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Interactive Training Network Version
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Media Content
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Mount & Blade Demo
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSI Afterburner 2.3.1
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nexus Mod Manager
Oblivion
Photo Common
Photo Gallery
PlanetSide 2
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sql Server Customer Experience Improvement Program
Star Wars - Battlefront II
Steam
The Elder Scrolls V Skyrim
TheMatrix Screen Saver version 1.14
THX TruStudio
Unity Web Player
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Uplay
VLC media player 2.0.6
West Point Bridge Designer 2013 (2nd Edition) (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
XFast LAN v6.61
XFastUSB
Yontoo 2.053
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 12:53:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:52:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:52:38 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:52:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/31/2013 12:42:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:42:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:42:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 12:41:44 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/31/2013 10:50:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:49:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:49:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:49:24 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/31/2013 10:41:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:40:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:40:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
12/31/2013 10:40:22 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/6/2014 5:01:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
1/2/2014 11:15:59 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/2/2014 11:15:51 AM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Games\Steam\SteamApps\common\skyrim\EditorWarnings.txt
1/2/2014 10:20:25 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 109.61.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 2.1.10003.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/2/2014 10:19:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/2/2014 10:19:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
1/2/2014 10:19:26 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.4.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
Broni
Posts: 56,041 +516
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Broni
Posts: 56,041 +516
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
- Unzip downloaded file.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
RogueKiller does not finish the pre-scan. The scan makes it to dllhost.exe and goes no further. MBAR detected no malware.
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2014.01.06.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sean :: SEAN44 [administrator]
1/6/2014 9:30:19 PM
mbar-log-2014-01-06 (21-30-19).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 246460
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8467668992, free: 5706379264
Downloaded database version: v2014.01.06.09
Downloaded database version: v2013.12.18.01
=======================================
------------ Kernel report ------------
01/06/2014 21:30:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\rtwlanu.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\??\C:\Users\Sean\AppData\Local\Temp\ALSysIO64.sys
\??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80097b3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006a\
Lower Device Object: 0xfffffa8007513060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80097b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80079fac50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8007513060, DeviceName: \Device\0000006a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 923E0934
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2014.01.06.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sean :: SEAN44 [administrator]
1/6/2014 9:30:19 PM
mbar-log-2014-01-06 (21-30-19).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 246460
Time elapsed: 6 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8467668992, free: 5706379264
Downloaded database version: v2014.01.06.09
Downloaded database version: v2013.12.18.01
=======================================
------------ Kernel report ------------
01/06/2014 21:30:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\DRIVERS\AsrRamDisk.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\FNETURPX.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\cfosspeed6.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\asmtxhci.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\rtwlanu.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\asmthub3.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\??\C:\Users\Sean\AppData\Local\Temp\ALSysIO64.sys
\??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80097b3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006a\
Lower Device Object: 0xfffffa8007513060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80097b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80079fac50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa8007513060, DeviceName: \Device\0000006a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 923E0934
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 976564224
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
Broni
Posts: 56,041 +516
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix. - Double click on combofix.exe & follow the prompts.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
ComboFix 14-01-04.03 - Sean 01/06/2014 22:07:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8075.5381 [GMT -6:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\background.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\crossriderManifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\manifest.xml
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\120_luck_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\138_getdeal_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\190_pops_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\userCode\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\userCode\extension.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\actions\1.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\icon128.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\icon16.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\icon48.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\chrome.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\cookie.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\message.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\pageAction.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\pageActionBG.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\bg_app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\consts.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\cookie_store.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\crossriderAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\delegate.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\events.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\extensionDataStore.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\installer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\logFile.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\logging.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\onBGDocumentLoad.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\popupResource\newPopup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\popupResource\popup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\reports.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\storageWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\updateManager.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\util.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\xhr.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\main.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\manifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\popup.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\background.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\crossriderManifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\manifest.xml
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\120_luck_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\138_getdeal_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\190_pops_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\5_notifications.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\userCode\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\userCode\extension.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\actions\1.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon128.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon16.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon48.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\chrome.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\cookie.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\message.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\pageAction.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\pageActionBG.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\bg_app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\consts.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\cookie_store.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\crossriderAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\delegate.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\events.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\extensionDataStore.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\installer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\logFile.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\logging.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\onBGDocumentLoad.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\popupResource\newPopup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\popupResource\popup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\reports.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\storageWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\updateManager.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\util.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\xhr.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\main.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\manifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\popup.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sean\AppData\Roaming\Local
c:\users\Sean\AppData\Roaming\Local\Skyrim\DLCList.txt
c:\users\Sean\AppData\Roaming\Local\Skyrim\plugins.txt
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome.manifest
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\asyncDB.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\browserAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\contextMenu.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dbManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dom_bg.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\fileManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxNotifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\message.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\pageAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\request.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\tabs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\webRequest.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\background.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\baseObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\browser.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\console.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\consts.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\delegate.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\extensionDataStore.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\folderIOWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\httpObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\IDBWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\installer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\logFile.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\progressListenerObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\registry.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reloadObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reports.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\requestObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\searchSettings.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\uninstallObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\updateManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\utils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\xhr.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\dialog.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\main.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\search_dialog.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\defaults\preferences\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\manifest.xml
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8075.5381 [GMT -6:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\background.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\crossriderManifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\manifest.xml
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\120_luck_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\138_getdeal_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\190_pops_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\userCode\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\extensionData\userCode\extension.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\actions\1.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\icon128.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\icon16.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\icons\icon48.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\chrome.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\cookie.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\message.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\pageAction.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\api\pageActionBG.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\bg_app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\consts.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\cookie_store.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\crossriderAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\delegate.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\events.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\extensionDataStore.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\installer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\logFile.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\logging.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\onBGDocumentLoad.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\popupResource\newPopup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\popupResource\popup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\reports.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\storageWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\updateManager.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\util.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\lib\xhr.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\js\main.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\manifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.103_0\popup.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\background.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\crossriderManifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\manifest.xml
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\120_luck_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\138_getdeal_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\190_pops_5_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\5_notifications.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\userCode\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\extensionData\userCode\extension.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\actions\1.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon128.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon16.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\icons\icon48.png
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\chrome.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\cookie.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\message.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\pageAction.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\api\pageActionBG.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\background.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\bg_app_api.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\consts.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\cookie_store.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\crossriderAPI.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\delegate.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\events.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\extensionDataStore.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\installer.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\logFile.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\logging.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\onBGDocumentLoad.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\popupResource\newPopup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\popupResource\popup.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\reports.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\storageWrapper.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\updateManager.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\util.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\lib\xhr.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\js\main.js
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\manifest.json
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.25.32_0\popup.html
c:\users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sean\AppData\Roaming\Local
c:\users\Sean\AppData\Roaming\Local\Skyrim\DLCList.txt
c:\users\Sean\AppData\Roaming\Local\Skyrim\plugins.txt
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome.manifest
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\asyncDB.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\browserAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\contextMenu.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dbManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dom_bg.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\fileManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxNotifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\message.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\pageAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\request.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\tabs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\webRequest.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\background.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\baseObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\browser.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\console.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\consts.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\delegate.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\extensionDataStore.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\folderIOWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\httpObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\IDBWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\installer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\logFile.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\progressListenerObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\registry.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reloadObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reports.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\requestObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\searchSettings.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\uninstallObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\updateManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\utils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\xhr.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\dialog.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\main.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\search_dialog.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\defaults\preferences\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\manifest.xml
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins.json
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\182_openUrl.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\200_foxydeal_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\204_pricedetect_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\5_notifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\79_CrossriderDailyPing.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\98_omniCommands.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\extension.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\install.rdf
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\locale\en-US\translations.dtd
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button1.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button2.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button3.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button4.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button5.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\crossrider_statusbar.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon128.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon16.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon24.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon48.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\panelarrow-up.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\popup.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\skin.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\update.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome.manifest
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\asyncDB.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\browserAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\contextMenu.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dbManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dom_bg.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\fileManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxNotifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\message.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\pageAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\request.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\tabs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\webRequest.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\background.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\baseObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\browser.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\console.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\consts.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\delegate.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\extensionDataStore.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\folderIOWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\httpObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\IDBWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\installer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\logFile.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\progressListenerObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\registry.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reloadObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reports.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\requestObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\searchSettings.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\uninstallObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\updateManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\utils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\xhr.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\dialog.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\main.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\platformVersion.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\search_dialog.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\defaults\preferences\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\manifest.xml
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins.json
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\182_openUrl.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\98_omniCommands.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\extension.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\install.rdf
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\locale\en-US\translations.dtd
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button1.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button2.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button3.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button4.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button5.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\crossrider_statusbar.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon128.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon16.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon24.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon48.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\panelarrow-up.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\popup.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\skin.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\update.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome.manifest
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\asyncDB.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\browserAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\contextMenu.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dbManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dom_bg.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\fileManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxNotifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\message.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\pageAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\request.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\tabs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\webRequest.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\background.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\baseObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\browser.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\console.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\consts.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\delegate.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\extensionDataStore.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\folderIOWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\httpObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\IDBWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\installer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\logFile.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\progressListenerObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\registry.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reloadObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reports.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\requestObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\searchSettings.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\uninstallObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\updateManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\utils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\xhr.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\dialog.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\main.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\search_dialog.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\defaults\preferences\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\manifest.xml
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins.json
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\120_luck_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\182_openUrl.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\200_foxydeal_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\204_pricedetect_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\5_notifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\79_CrossriderDailyPing.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\98_omniCommands.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\extension.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\install.rdf
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\locale\en-US\translations.dtd
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button1.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button2.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button3.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button4.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button5.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\crossrider_statusbar.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon128.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon16.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon24.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon48.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\panelarrow-up.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\popup.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\skin.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\update.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome.manifest
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\asyncDB.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\browserAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\contextMenu.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dbManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\dom_bg.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\fileManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxNotifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\message.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\pageAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\request.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\tabs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\webRequest.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\background.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\baseObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\browser.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\console.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\consts.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\delegate.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\extensionDataStore.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\folderIOWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\httpObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\IDBWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\installer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\logFile.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\progressListenerObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\registry.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reloadObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\reports.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\requestObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\searchSettings.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\uninstallObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\updateManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\utils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\core\xhr.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\dialog.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\main.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\options.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\platformVersion.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\chrome\content\search_dialog.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\defaults\preferences\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\manifest.xml
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins.json
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\182_openUrl.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\plugins\98_omniCommands.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\extensionData\userCode\extension.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\install.rdf
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\locale\en-US\translations.dtd
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button1.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button2.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button3.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button4.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\button5.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\crossrider_statusbar.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon128.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon16.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon24.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\icon48.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\panelarrow-up.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\popup.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\skin.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com\skin\update.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome.manifest
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\asyncDB.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\browserAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\contextMenu.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dbManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\dom_bg.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\fileManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxNotifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\firefoxOmnibox.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\message.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\pageAction.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\request.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\tabs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\api\webRequest.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\background.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\baseObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\browser.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\console.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\consts.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\delegate.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\extensionDataStore.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\folderIOWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\httpObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\IDBWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\installer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\logFile.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\progressListenerObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\registry.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reloadObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\reports.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\requestObject.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\searchSettings.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\uninstallObserver.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\updateManager.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\utils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\core\xhr.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\dialog.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\main.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\options.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\chrome\content\search_dialog.xul
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\defaults\preferences\prefs.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\manifest.xml
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins.json
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\1_base.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\102_dealply_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\103_intext_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\105_corticas_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\108_icm_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\119_similar_web_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\120_luck_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\125_arcadi2_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\138_getdeal_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\190_pops_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\5_notifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\98_omniCommands.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\extension.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\install.rdf
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\locale\en-US\translations.dtd
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button1.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button2.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button3.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button4.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button5.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\crossrider_statusbar.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon128.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon16.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon24.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon48.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\panelarrow-up.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\popup.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\skin.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2013-12-07 to 2014-01-07 )))))))))))))))))))))))))))))))
.
.
2014-01-07 04:11 . 2014-01-07 04:11 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-01-07 04:11 . 2014-01-07 04:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-07 03:30 . 2014-01-07 03:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-07 03:30 . 2014-01-07 03:30 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-07 03:29 . 2014-01-07 03:29 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-07 02:23 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2601917-051F-495A-92A0-D11D1F6B2E56}\mpengine.dll
2014-01-06 23:01 . 2014-01-06 23:01 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-01-06 18:03 . 2014-01-06 16:48 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2014-01-06 16:11 . 2014-01-06 16:11 -------- d-----w- c:\program files (x86)\ESET
2014-01-06 16:02 . 2014-01-06 16:02 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2014-01-06 16:02 . 2014-01-06 16:02 -------- d-----w- c:\programdata\Malwarebytes
2014-01-06 16:02 . 2014-01-06 16:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-06 16:02 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-06 15:45 . 2014-01-06 15:45 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-01-03 19:00 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-22 00:52 . 2013-12-22 00:52 -------- d--h--r-c:\users\Sean\AppData\Roaming\SecuROM
2013-12-22 00:52 . 2013-12-22 00:52 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-12-22 00:52 . 2013-12-22 01:31 -------- d-----w- c:\users\Sean\AppData\Local\Oblivion
2013-12-17 19:55 . 2014-01-07 04:11 -------- d-----w- c:\users\Sean\AppData\Local\LogMeIn Hamachi
2013-12-17 19:55 . 2013-12-17 19:55 -------- d-----w- c:\users\Sean\AppData\Local\LogMeIn
2013-12-17 19:55 . 2013-12-17 19:55 -------- d-----w- c:\programdata\LogMeIn
2013-12-17 19:53 . 2013-12-17 19:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-12-17 16:42 . 2013-12-17 18:47 -------- d-----w- c:\program files (x86)\Assassins Creed IV Black Flag
2013-12-17 03:04 . 2013-12-17 03:04 -------- d-----w- c:\windows\SysWow64\SearchProtect
2013-12-12 09:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 09:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 09:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 09:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 09:26 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 23:01 . 2013-05-13 08:19 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-01-06 22:39 . 2013-05-26 02:59 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-01-06 18:03 . 2013-05-26 02:57 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-14 05:12 . 2013-12-07 00:44 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-03 07:17 . 2013-12-03 07:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 07:17 . 2013-12-03 07:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 07:17 . 2013-12-03 07:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 07:17 . 2013-12-03 07:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 07:17 . 2013-12-03 07:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 07:17 . 2013-12-03 07:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 07:17 . 2013-12-03 07:17 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-03 07:17 . 2013-12-03 07:17 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 07:17 . 2013-12-03 07:17 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-03 07:17 . 2013-12-03 07:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 07:17 . 2013-12-03 07:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 07:17 . 2013-12-03 07:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 07:17 . 2013-12-03 07:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 07:17 . 2013-12-03 07:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 07:17 . 2013-12-03 07:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 07:17 . 2013-12-03 07:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 07:17 . 2013-12-03 07:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 07:17 . 2013-12-03 07:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 07:17 . 2013-12-03 07:17 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-03 07:17 . 2013-12-03 07:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 07:17 . 2013-12-03 07:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 07:17 . 2013-12-03 07:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 07:17 . 2013-12-03 07:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 07:17 . 2013-12-03 07:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 07:17 . 2013-12-03 07:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 07:17 . 2013-12-03 07:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 07:17 . 2013-12-03 07:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 07:17 . 2013-12-03 07:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 07:17 . 2013-12-03 07:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 07:17 . 2013-12-03 07:17 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 07:17 . 2013-12-03 07:17 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-03 07:17 . 2013-12-03 07:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 07:17 . 2013-12-03 07:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 07:17 . 2013-12-03 07:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 07:17 . 2013-12-03 07:17 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 07:17 . 2013-12-03 07:17 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 07:17 . 2013-12-03 07:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 07:17 . 2013-12-03 07:17 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 07:17 . 2013-12-03 07:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 07:17 . 2013-12-03 07:17 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-03 07:17 . 2013-12-03 07:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 07:17 . 2013-12-03 07:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 07:17 . 2013-12-03 07:17 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 07:17 . 2013-12-03 07:17 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 07:17 . 2013-12-03 07:17 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 07:17 . 2013-12-03 07:17 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 07:17 . 2013-12-03 07:17 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 07:17 . 2013-12-03 07:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 07:17 . 2013-12-03 07:17 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 07:17 . 2013-12-03 07:17 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 07:17 . 2013-12-03 07:17 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 07:17 . 2013-12-03 07:17 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 07:17 . 2013-12-03 07:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 07:17 . 2013-12-03 07:17 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 07:17 . 2013-12-03 07:17 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 07:17 . 2013-12-03 07:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 07:17 . 2013-12-03 07:17 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-03 07:17 . 2013-12-03 07:17 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 07:17 . 2013-12-03 07:17 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w-c:\windows\system32\MpSigStub.exe
2013-10-20 18:16 . 2013-12-06 16:37 965000 ------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1426C4A8-1E69-4A02-AB94-EB8301E89DE3}\gapaengine.dll
2013-10-20 18:16 . 2013-05-21 21:35 965000 ------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 09:05 . 2013-07-03 00:46 1754928 ----a-w- c:\windows\system32\dmwu.exe
2013-10-15 08:59 . 2013-07-03 00:46 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-10-15 00:00 . 2013-12-03 07:19 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 19:09 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 19:09 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 19:09 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 19:09 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 19:09 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-24 01:49 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-24 01:49 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-24 01:49 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Sean\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-12 1044560]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-05-13 5021448]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-16 642656]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Sean\AppData\Local\Temp\ALSysIO64.sys;c:\users\Sean\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-06 23:31 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-11 14:21]
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-11 14:21]
.
2014-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
2014-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-24 01:49 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-24 01:49 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-24 01:49 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-21 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?tpid=BCPA3&o=APN10476&pf=V7&trgb=&p2=%5EAL1%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EAL1&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_26.0.1410.64&apn_uid=685B2D70-810D-498D-B166-7470CEDB7867&itbv=11.8.1.233&doi=2013-05-14&psv=
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=
FF - ExtSQL: 2013-12-07 14:38; image-blocker@erikvold.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\image-blocker@erikvold.com.xpi
FF - ExtSQL: 2013-12-07 14:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-12-07 14:44; kabl@trac.arantius.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\kabl@trac.arantius.com.xpi
FF - ExtSQL: 2013-12-07 14:44; gmailnoads@mywebber.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-12-07 14:44; adblockpopups@jessehakanen.net; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-12-10 12:53; iobitapps@mybrowserbar.com; c:\program files (x86)\IObit Apps Toolbar\FF
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110311121157} - c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll
BHO-{11111111-1111-1111-1111-110411361128} - c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
BHO-{2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} - c:\program files (x86)\SearchNewTab\fBqqSj1o.x64.dll
BHO-{337262F8-5207-1CF5-97A4-D89CAF8D9788} - c:\program files (x86)\ssurf AnD keep\L6roPZ.x64.dll
BHO-{423A284C-120C-A709-784F-DEC29D3A0DDD} - c:\program files (x86)\YoutubeAdblocker\PDMND_m.x64.dll
BHO-{93625CB0-137D-155C-A14B-7061D9F99A9F} - c:\program files (x86)\SearchNewTab\HPsPfg5Qt.x64.dll
WebBrowser-{42435041-3300-A76A-76A7-7A786E7484D7} - (no file)
AddRemove-bi_uninstaller - c:\users\Sean\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-06 22:13:01
ComboFix-quarantined-files.txt 2014-01-07 04:13
.
Pre-Run: 262,285,717,504 bytes free
Post-Run: 262,689,595,392 bytes free
.
- - End Of File - - EC269E7435AC56A3533546372B23B48C
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\126_revizer_ws_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\127_revizer_p_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\135_arcadi3_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\138_getdeal_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\142_intext_fa_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\17_jQuery.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\189_active_sanity.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\190_pops_5_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\191_ciuvo_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\21_debug.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\22_resources.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\28_initializer.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\47_resources_background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\5_notifications.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\64_appApiMessage.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\7_hooks.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\72_appApiValidation.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\plugins\98_omniCommands.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\background.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\extensionData\userCode\extension.js
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\install.rdf
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\locale\en-US\translations.dtd
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button1.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button2.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button3.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button4.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\button5.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\crossrider_statusbar.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon128.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon16.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon24.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\icon48.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\panelarrow-up.png
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\popup.html
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\skin.css
c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\008abed2-b43a-46c9-9a5b-a771c87b82da@1ad61d53-2bdc-4484-a26b-b888ecae1906.com\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2013-12-07 to 2014-01-07 )))))))))))))))))))))))))))))))
.
.
2014-01-07 04:11 . 2014-01-07 04:11 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-01-07 04:11 . 2014-01-07 04:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-07 03:30 . 2014-01-07 03:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-07 03:30 . 2014-01-07 03:30 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-07 03:29 . 2014-01-07 03:29 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-07 02:23 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2601917-051F-495A-92A0-D11D1F6B2E56}\mpengine.dll
2014-01-06 23:01 . 2014-01-06 23:01 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2014-01-06 18:03 . 2014-01-06 16:48 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2014-01-06 16:11 . 2014-01-06 16:11 -------- d-----w- c:\program files (x86)\ESET
2014-01-06 16:02 . 2014-01-06 16:02 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2014-01-06 16:02 . 2014-01-06 16:02 -------- d-----w- c:\programdata\Malwarebytes
2014-01-06 16:02 . 2014-01-06 16:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-06 16:02 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-06 15:45 . 2014-01-06 15:45 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-01-03 19:00 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-22 00:52 . 2013-12-22 00:52 -------- d--h--r-c:\users\Sean\AppData\Roaming\SecuROM
2013-12-22 00:52 . 2013-12-22 00:52 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-12-22 00:52 . 2013-12-22 01:31 -------- d-----w- c:\users\Sean\AppData\Local\Oblivion
2013-12-17 19:55 . 2014-01-07 04:11 -------- d-----w- c:\users\Sean\AppData\Local\LogMeIn Hamachi
2013-12-17 19:55 . 2013-12-17 19:55 -------- d-----w- c:\users\Sean\AppData\Local\LogMeIn
2013-12-17 19:55 . 2013-12-17 19:55 -------- d-----w- c:\programdata\LogMeIn
2013-12-17 19:53 . 2013-12-17 19:53 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-12-17 16:42 . 2013-12-17 18:47 -------- d-----w- c:\program files (x86)\Assassins Creed IV Black Flag
2013-12-17 03:04 . 2013-12-17 03:04 -------- d-----w- c:\windows\SysWow64\SearchProtect
2013-12-12 09:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 09:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 09:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 09:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 09:26 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 23:01 . 2013-05-13 08:19 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2014-01-06 22:39 . 2013-05-26 02:59 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-01-06 18:03 . 2013-05-26 02:57 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-14 05:12 . 2013-12-07 00:44 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-03 07:17 . 2013-12-03 07:17 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 07:17 . 2013-12-03 07:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 07:17 . 2013-12-03 07:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 07:17 . 2013-12-03 07:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 07:17 . 2013-12-03 07:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 07:17 . 2013-12-03 07:17 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 07:17 . 2013-12-03 07:17 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-03 07:17 . 2013-12-03 07:17 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 07:17 . 2013-12-03 07:17 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-03 07:17 . 2013-12-03 07:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 07:17 . 2013-12-03 07:17 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 07:17 . 2013-12-03 07:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 07:17 . 2013-12-03 07:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 07:17 . 2013-12-03 07:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 07:17 . 2013-12-03 07:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 07:17 . 2013-12-03 07:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 07:17 . 2013-12-03 07:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 07:17 . 2013-12-03 07:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 07:17 . 2013-12-03 07:17 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-03 07:17 . 2013-12-03 07:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 07:17 . 2013-12-03 07:17 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 07:17 . 2013-12-03 07:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 07:17 . 2013-12-03 07:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 07:17 . 2013-12-03 07:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 07:17 . 2013-12-03 07:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 07:17 . 2013-12-03 07:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 07:17 . 2013-12-03 07:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 07:17 . 2013-12-03 07:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 07:17 . 2013-12-03 07:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 07:17 . 2013-12-03 07:17 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 07:17 . 2013-12-03 07:17 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-03 07:17 . 2013-12-03 07:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 07:17 . 2013-12-03 07:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 07:17 . 2013-12-03 07:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 07:17 . 2013-12-03 07:17 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 07:17 . 2013-12-03 07:17 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 07:17 . 2013-12-03 07:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 07:17 . 2013-12-03 07:17 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 07:17 . 2013-12-03 07:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 07:17 . 2013-12-03 07:17 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-03 07:17 . 2013-12-03 07:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 07:17 . 2013-12-03 07:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 07:17 . 2013-12-03 07:17 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 07:17 . 2013-12-03 07:17 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 07:17 . 2013-12-03 07:17 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 07:17 . 2013-12-03 07:17 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 07:17 . 2013-12-03 07:17 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 07:17 . 2013-12-03 07:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 07:17 . 2013-12-03 07:17 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 07:17 . 2013-12-03 07:17 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 07:17 . 2013-12-03 07:17 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 07:17 . 2013-12-03 07:17 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 07:17 . 2013-12-03 07:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 07:17 . 2013-12-03 07:17 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 07:17 . 2013-12-03 07:17 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 07:17 . 2013-12-03 07:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 07:17 . 2013-12-03 07:17 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-03 07:17 . 2013-12-03 07:17 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 07:17 . 2013-12-03 07:17 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 10:21 . 2010-11-21 03:27 267936 ------w-c:\windows\system32\MpSigStub.exe
2013-10-20 18:16 . 2013-12-06 16:37 965000 ------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1426C4A8-1E69-4A02-AB94-EB8301E89DE3}\gapaengine.dll
2013-10-20 18:16 . 2013-05-21 21:35 965000 ------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 09:05 . 2013-07-03 00:46 1754928 ----a-w- c:\windows\system32\dmwu.exe
2013-10-15 08:59 . 2013-07-03 00:46 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-10-15 00:00 . 2013-12-03 07:19 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 19:09 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 19:09 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 19:09 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 19:09 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 19:09 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-24 01:49 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-24 01:49 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-24 01:49 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Sean\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-12 1044560]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-12-11 1823656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-05-13 5021448]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-16 642656]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
S3 ALSysIO;ALSysIO;c:\users\Sean\AppData\Local\Temp\ALSysIO64.sys;c:\users\Sean\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-06 23:31 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-11 14:21]
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-11 14:21]
.
2014-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
2014-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-24 01:49 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-24 01:49 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-24 01:49 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-21 441152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?tpid=BCPA3&o=APN10476&pf=V7&trgb=&p2=%5EAL1%5EYYYYYY%5EYY%5EUS&gct=hp&apn_ptnrs=%5EAL1&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=cr_26.0.1410.64&apn_uid=685B2D70-810D-498D-B166-7470CEDB7867&itbv=11.8.1.233&doi=2013-05-14&psv=
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=
FF - ExtSQL: 2013-12-07 14:38; image-blocker@erikvold.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\image-blocker@erikvold.com.xpi
FF - ExtSQL: 2013-12-07 14:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-12-07 14:44; kabl@trac.arantius.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\kabl@trac.arantius.com.xpi
FF - ExtSQL: 2013-12-07 14:44; gmailnoads@mywebber.com; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\gmailnoads@mywebber.com.xpi
FF - ExtSQL: 2013-12-07 14:44; adblockpopups@jessehakanen.net; c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-12-10 12:53; iobitapps@mybrowserbar.com; c:\program files (x86)\IObit Apps Toolbar\FF
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110311121157} - c:\program files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll
BHO-{11111111-1111-1111-1111-110411361128} - c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll
BHO-{2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} - c:\program files (x86)\SearchNewTab\fBqqSj1o.x64.dll
BHO-{337262F8-5207-1CF5-97A4-D89CAF8D9788} - c:\program files (x86)\ssurf AnD keep\L6roPZ.x64.dll
BHO-{423A284C-120C-A709-784F-DEC29D3A0DDD} - c:\program files (x86)\YoutubeAdblocker\PDMND_m.x64.dll
BHO-{93625CB0-137D-155C-A14B-7061D9F99A9F} - c:\program files (x86)\SearchNewTab\HPsPfg5Qt.x64.dll
WebBrowser-{42435041-3300-A76A-76A7-7A786E7484D7} - (no file)
AddRemove-bi_uninstaller - c:\users\Sean\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-06 22:13:01
ComboFix-quarantined-files.txt 2014-01-07 04:13
.
Pre-Run: 262,285,717,504 bytes free
Post-Run: 262,689,595,392 bytes free
.
- - End Of File - - EC269E7435AC56A3533546372B23B48C
Broni
Posts: 56,041 +516
Looks good.
Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop.
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
# AdwCleaner v3.016 - Report created 06/01/2014 at 22:29:39
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean - SEAN44
# Running from : C:\Users\Sean\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Yontoo Desktop Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\ssurf AnD keep
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\ssurf AnD keep
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\BrowserProtect
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Sean\AppData\Local\apn
Folder Deleted : C:\Users\Sean\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Sean\AppData\Local\Conduit
Folder Deleted : C:\Users\Sean\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sean\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sean\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Sean\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Sean\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Sean\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Sean\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Smartbar
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\CT3289663
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\56aivc@aouiuo.co.uk
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\oiooye_era@eelgxxxdrg.com
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\ouiy9oua@aaxkjxhjui.edu
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\staged
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\ufukya@vwhdpto.net
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\searchplugins\conduit-search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\delta.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\Sweetpacks Search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\and
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\5d488d8e63ceb45
Key Deleted : HKLM\SOFTWARE\5d488d8e63ceb45
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\prefs.js ]
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.sweetpacks-search.com/?barid=&src=97&");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.expiration", "Fri Jan 03 2014 10:22:57 GMT-0600 (Central Standard Ti[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Thu Jan 09 2014 10:22:57 GMT-0600 (Central Sta[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Fri Jan 03 2014 10:22:58 GMT-0600 (Central Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.bootstrappedAddons", "{\"gmailnoads@mywebber.com\":{\"version\":\"4.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Sean\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\[...]
Line Deleted : user_pref("extensions.crossrider.bic", "142ce1d21cec90b88b96c8c029404742");
Line Deleted : user_pref("keyword.URL", "hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\prefs.js ]
Line Deleted : user_pref("CT3289663.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_city", "TYLER");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3289663.1000234.TWC_locId", "USTX1383");
Line Deleted : user_pref("CT3289663.1000234.TWC_location", "Tyler, TX");
Line Deleted : user_pref("CT3289663.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.FF19Solved", "true");
Line Deleted : user_pref("CT3289663.FirstTime", "true");
Line Deleted : user_pref("CT3289663.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289663.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN30277775324062209&UM=2&q=");
Line Deleted : user_pref("CT3289663.UserID", "UN30277775324062209");
Line Deleted : user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289663.countryCode", "US");
Line Deleted : user_pref("CT3289663.defaultSearch", "true");
Line Deleted : user_pref("CT3289663.embeddedsData", "[{\"appId\":\"130067724014616498\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3289663.enableAlerts", "true");
Line Deleted : user_pref("CT3289663.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3289663.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3289663.fullUserID", "UN30277775324062209.IN.20130902150609");
Line Deleted : user_pref("CT3289663.installDate", "02/09/2013 15:06:11");
Line Deleted : user_pref("CT3289663.installId", "stub.exe");
Line Deleted : user_pref("CT3289663.installSessionId", "{ACA834D0-AB95-4200-A958-994F0C900EAA}");
Line Deleted : user_pref("CT3289663.installSp", "TRUE");
Line Deleted : user_pref("CT3289663.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3289663.installUsage", "2013-09-22T04:09:35.3030858+03:00");
Line Deleted : user_pref("CT3289663.installUsageEarly", "2013-09-22T04:09:33.3812231+03:00");
Line Deleted : user_pref("CT3289663.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3289663.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289663.keyword", "true");
Line Deleted : user_pref("CT3289663.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=15&CUI=UN30277775324062209&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3289663.lastVersion", "10.19.2.5");
Line Deleted : user_pref("CT3289663.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.minershoes.com%2Farmory\",\"EB_MAIN_FRAME_TITLE\":\"Miners%20Need%20Cool%20Shoes%20%7C%2[...]
Line Deleted : user_pref("CT3289663.openThankYouPage", "false");
Line Deleted : user_pref("CT3289663.openUninstallPage", "true");
Line Deleted : user_pref("CT3289663.originalHomepage", "hxxp://search.yahoo.com?type=902615&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=");
Line Deleted : user_pref("CT3289663.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3289663.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3289663.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3289663.search.searchAppId", "130067724014616498");
Line Deleted : user_pref("CT3289663.search.searchCount", "0");
Line Deleted : user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.searchRevert", "false");
Line Deleted : user_pref("CT3289663.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchUserMode", "2");
Line Deleted : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper31.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1 \"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_services_Configuration_lastUpdate", "1379812199448");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1379812201182");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1379812201222");
Line Deleted : user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1379812201163");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1379812199454");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1379812201426");
Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.19.2.5_lastUpdate", "1379812201277");
Line Deleted : user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1379812201237");
Line Deleted : user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1379812199395");
Line Deleted : user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1379812199224");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1379812200930");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1379812199409");
Line Deleted : user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1379812201229");
Line Deleted : user_pref("CT3289663.settingsINI", true);
Line Deleted : user_pref("CT3289663.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3289663.showToolbarPermission", "false");
Line Deleted : user_pref("CT3289663.smartbar.CTID", "CT3289663");
Line Deleted : user_pref("CT3289663.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289663.smartbar.isHidden", false);
Line Deleted : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
Line Deleted : user_pref("CT3289663.startPage", "true");
Line Deleted : user_pref("CT3289663.toolbarBornServerTime", "22-9-2013");
Line Deleted : user_pref("CT3289663.toolbarCurrentServerTime", "22-9-2013");
Line Deleted : user_pref("CT3289663.toolbarLoginClientTime", "Sat Sep 21 2013 20:10:01 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3289663.xpeMode", "0");
Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379812198044,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN30277775324062209&UM=2&UP=SP195A237D-22D4-4F72-9BAE-72EA5F7D8AA8");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN30277775324062209&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.selectedEngine", "Sweetpacks Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.sweetpacks-search.com/?barid=&src=10&");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "62f1b07400000000000008606ecdf673");
Line Deleted : user_pref("extensions.delta.instlDay", "15858");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.519:53:37");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=300513_ctrl");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,brain/default2,easyinline/dock,superfish,superfishgoogleeil,yontooinstalled,yontoonewoffers,dropdowndeals");
Line Deleted : user_pref("extentions.y2layers.installId", "d22764fd-81e3-4435-b65e-4c3930907366");
Line Deleted : user_pref("keyword.URL", "hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
*************************
AdwCleaner[R0].txt - [31909 octets] - [06/01/2014 22:28:51]
AdwCleaner[S0].txt - [31253 octets] - [06/01/2014 22:29:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31314 octets] ##########
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean - SEAN44
# Running from : C:\Users\Sean\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Yontoo Desktop Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\ssurf AnD keep
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\ssurf AnD keep
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\BrowserProtect
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Sean\AppData\Local\apn
Folder Deleted : C:\Users\Sean\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Sean\AppData\Local\Conduit
Folder Deleted : C:\Users\Sean\AppData\Local\PackageAware
Folder Deleted : C:\Users\Sean\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sean\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Sean\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Sean\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Sean\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Sean\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Smartbar
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\CT3289663
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\56aivc@aouiuo.co.uk
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\oiooye_era@eelgxxxdrg.com
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\ouiy9oua@aaxkjxhjui.edu
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\staged
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\ufukya@vwhdpto.net
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
Folder Deleted : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\searchplugins\conduit-search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\delta.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\Sweetpacks Search.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\and
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\5d488d8e63ceb45
Key Deleted : HKLM\SOFTWARE\5d488d8e63ceb45
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322122257}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366126657}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\prefs.js ]
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.sweetpacks-search.com/?barid=&src=97&");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app43628%22%3A%22app43[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.expiration", "Fri Jan 03 2014 10:22:57 GMT-0600 (Central Standard Ti[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.expiration", "Thu Jan 09 2014 10:22:57 GMT-0600 (Central Sta[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.expiration", "Fri Jan 03 2014 10:22:58 GMT-0600 (Central Standa[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A43628%2C%22appName%22%3A%22weDownload[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A311159%2C%22ver%22%3A2%2[...]
Line Deleted : user_pref("extensions.a008abed2b43a46c99a5ba771c87b82da1ad61d532bdc4484a26bb888ecae1906com43628.43628.internaldb.Resources_resource_311159.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.bootstrappedAddons", "{\"gmailnoads@mywebber.com\":{\"version\":\"4.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Sean\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\[...]
Line Deleted : user_pref("extensions.crossrider.bic", "142ce1d21cec90b88b96c8c029404742");
Line Deleted : user_pref("keyword.URL", "hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\prefs.js ]
Line Deleted : user_pref("CT3289663.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_city", "TYLER");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3289663.1000234.TWC_locId", "USTX1383");
Line Deleted : user_pref("CT3289663.1000234.TWC_location", "Tyler, TX");
Line Deleted : user_pref("CT3289663.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.FF19Solved", "true");
Line Deleted : user_pref("CT3289663.FirstTime", "true");
Line Deleted : user_pref("CT3289663.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289663.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN30277775324062209&UM=2&q=");
Line Deleted : user_pref("CT3289663.UserID", "UN30277775324062209");
Line Deleted : user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289663.countryCode", "US");
Line Deleted : user_pref("CT3289663.defaultSearch", "true");
Line Deleted : user_pref("CT3289663.embeddedsData", "[{\"appId\":\"130067724014616498\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3289663.enableAlerts", "true");
Line Deleted : user_pref("CT3289663.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3289663.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3289663.fullUserID", "UN30277775324062209.IN.20130902150609");
Line Deleted : user_pref("CT3289663.installDate", "02/09/2013 15:06:11");
Line Deleted : user_pref("CT3289663.installId", "stub.exe");
Line Deleted : user_pref("CT3289663.installSessionId", "{ACA834D0-AB95-4200-A958-994F0C900EAA}");
Line Deleted : user_pref("CT3289663.installSp", "TRUE");
Line Deleted : user_pref("CT3289663.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3289663.installUsage", "2013-09-22T04:09:35.3030858+03:00");
Line Deleted : user_pref("CT3289663.installUsageEarly", "2013-09-22T04:09:33.3812231+03:00");
Line Deleted : user_pref("CT3289663.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3289663.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289663.keyword", "true");
Line Deleted : user_pref("CT3289663.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=15&CUI=UN30277775324062209&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3289663.lastVersion", "10.19.2.5");
Line Deleted : user_pref("CT3289663.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.minershoes.com%2Farmory\",\"EB_MAIN_FRAME_TITLE\":\"Miners%20Need%20Cool%20Shoes%20%7C%2[...]
Line Deleted : user_pref("CT3289663.openThankYouPage", "false");
Line Deleted : user_pref("CT3289663.openUninstallPage", "true");
Line Deleted : user_pref("CT3289663.originalHomepage", "hxxp://search.yahoo.com?type=902615&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=");
Line Deleted : user_pref("CT3289663.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3289663.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3289663.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3289663.search.searchAppId", "130067724014616498");
Line Deleted : user_pref("CT3289663.search.searchCount", "0");
Line Deleted : user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.searchRevert", "false");
Line Deleted : user_pref("CT3289663.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchUserMode", "2");
Line Deleted : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper31.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1 \"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_services_Configuration_lastUpdate", "1379812199448");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1379812201182");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1379812201222");
Line Deleted : user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1379812201163");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1379812199454");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1379812201426");
Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.19.2.5_lastUpdate", "1379812201277");
Line Deleted : user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1379812201237");
Line Deleted : user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1379812199395");
Line Deleted : user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1379812199224");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1379812200930");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1379812199409");
Line Deleted : user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1379812201229");
Line Deleted : user_pref("CT3289663.settingsINI", true);
Line Deleted : user_pref("CT3289663.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3289663.showToolbarPermission", "false");
Line Deleted : user_pref("CT3289663.smartbar.CTID", "CT3289663");
Line Deleted : user_pref("CT3289663.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289663.smartbar.isHidden", false);
Line Deleted : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
Line Deleted : user_pref("CT3289663.startPage", "true");
Line Deleted : user_pref("CT3289663.toolbarBornServerTime", "22-9-2013");
Line Deleted : user_pref("CT3289663.toolbarCurrentServerTime", "22-9-2013");
Line Deleted : user_pref("CT3289663.toolbarLoginClientTime", "Sat Sep 21 2013 20:10:01 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3289663.xpeMode", "0");
Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379812198044,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN30277775324062209&UM=2&UP=SP195A237D-22D4-4F72-9BAE-72EA5F7D8AA8");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN30277775324062209&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.selectedEngine", "Sweetpacks Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.sweetpacks-search.com/?barid=&src=10&");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "62f1b07400000000000008606ecdf673");
Line Deleted : user_pref("extensions.delta.instlDay", "15858");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.519:53:37");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=300513_ctrl");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,brain/default2,easyinline/dock,superfish,superfishgoogleeil,yontooinstalled,yontoonewoffers,dropdowndeals");
Line Deleted : user_pref("extentions.y2layers.installId", "d22764fd-81e3-4435-b65e-4c3930907366");
Line Deleted : user_pref("keyword.URL", "hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
*************************
AdwCleaner[R0].txt - [31909 octets] - [06/01/2014 22:28:51]
AdwCleaner[S0].txt - [31253 octets] - [06/01/2014 22:29:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31314 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sean on Mon 01/06/2014 at 22:32:35.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.3
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-903125041-1404267061-2774934068-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3805A44A-721E-473E-A3C6-0BB602FB7C58}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6C7DB23-49FC-4A5B-A81D-835B6E2451A3}
~~~ Files
Successfully deleted: [File] "C:\Users\Sean\appdata\locallow\SkwConfig.bin"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Sean\appdata\local\cre"
~~~ FireFox
Emptied folder: C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\minidumps [10 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Sean\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 22:35:50.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sean on Mon 01/06/2014 at 22:32:35.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.3
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-903125041-1404267061-2774934068-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3805A44A-721E-473E-A3C6-0BB602FB7C58}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6C7DB23-49FC-4A5B-A81D-835B6E2451A3}
~~~ Files
Successfully deleted: [File] "C:\Users\Sean\appdata\locallow\SkwConfig.bin"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Sean\appdata\local\cre"
~~~ FireFox
Emptied folder: C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\minidumps [10 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Sean\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 22:35:50.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 1/6/2014 10:37:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.36% Memory free
15.77 Gb Paging File | 13.55 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 244.70 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SEAN44 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/06 22:27:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
PRC - [2013/12/11 13:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/11 13:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/12/04 13:55:46 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/29 16:20:48 | 003,806,544 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/05/13 02:22:01 | 005,021,448 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2013/05/12 12:29:06 | 001,044,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sean\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/01/23 00:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012/09/11 14:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/09/11 14:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/09/01 19:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/21 07:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/05 09:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/04/16 12:55:02 | 000,648,512 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012/04/16 12:54:32 | 000,233,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
PRC - [2012/02/26 13:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2010/08/24 08:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/03/25 13:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/11 13:40:38 | 001,135,016 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/11/06 15:48:12 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/11/06 15:48:10 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/10 13:50:04 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\94625c26fa87cd2f8dea6626c521d0db\System.ServiceModel.Web.ni.dll
MOD - [2013/10/10 13:49:40 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\437ac0dab43f670b7ef93262e69c0cf0\System.IdentityModel.ni.dll
MOD - [2013/10/10 13:49:37 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e7aa65750b09ea4b26bd3c9c75f8b94e\System.ServiceModel.ni.dll
MOD - [2013/10/10 13:49:29 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\f28b130b7c58c374eae31ff3fc4306ac\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/10/10 12:11:11 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 12:11:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 12:11:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/10 12:10:59 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 12:10:54 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 19:19:36 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll
MOD - [2013/10/09 19:19:34 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll
MOD - [2013/10/09 19:19:32 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 19:19:31 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll
MOD - [2013/09/19 09:42:40 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2f2b1bc379cd38841f05399944927d8f\IAStorCommon.ni.dll
MOD - [2013/09/19 09:42:38 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a3b23c37c111913b6fb7f9ca7b0195d9\IAStorUtil.ni.dll
MOD - [2013/09/18 17:48:55 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/09/18 17:48:53 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2013/09/18 17:48:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\72227d58a04b80252053352dead3b9a3\System.ServiceModel.Internals.ni.dll
MOD - [2013/09/18 17:48:53 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\176ea254700896ee68956986b947ea9b\SMDiagnostics.ni.dll
MOD - [2013/09/18 17:48:52 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/09/18 17:48:48 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/09/17 10:29:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/17 10:20:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/13 18:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 18:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/14 08:34:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 08:34:45 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 08:34:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 20:50:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 17:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 17:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 17:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/01/23 00:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013/01/16 10:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013/01/16 10:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013/01/16 10:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013/01/16 10:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013/01/16 10:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2012/04/16 12:56:26 | 000,500,032 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/04/16 12:42:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/04/16 12:41:50 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/04/16 12:38:16 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2012/04/16 12:37:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
MOD - [2011/08/17 17:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 17:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 17:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 21:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 21:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 21:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 20:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/04/30 13:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/16 08:01:58 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/06/19 20:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/02/09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2014/01/02 11:13:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 13:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/29 16:20:42 | 002,210,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/21 00:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/11 14:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/09/11 14:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/08/21 07:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/05 09:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2010/03/25 13:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/06 22:30:54 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/19 21:05:50 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/05/12 15:56:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/05/11 08:23:06 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/04/16 08:51:54 | 011,653,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/16 07:35:20 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 05:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/17 02:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/01 19:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 19:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/02 11:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/18 17:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/26 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/26 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/02/09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012/01/13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011/09/21 18:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/09/19 20:47:25 | 001,047,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/05/10 17:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011/05/09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/17 17:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/01/23 00:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\SearchScopes\{AE1E8CE7-9AD9-4B96-BCF1-ED02D701C9AF}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: kabl%40trac.arantius.com:0.4.8
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/05/19 21:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\Extensions
[2014/01/06 22:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions
[2014/01/06 22:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\Firefox\Profiles\fmb849k2.default\Extensions
[2013/12/07 14:44:49 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\adblockpopups@jessehakanen.net.xpi
[2014/01/02 11:58:38 | 000,022,560 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\gmailnoads@mywebber.com.xpi
[2013/12/07 14:38:09 | 000,176,363 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\image-blocker@erikvold.com.xpi
[2013/12/07 14:44:49 | 000,050,309 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\kabl@trac.arantius.com.xpi
[2013/12/07 14:41:23 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/06 17:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/01/02 11:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/02 11:13:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\SEAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9QQFGLL.DEFAULT-1386378123099\EXTENSIONS\{0113D088-8ED1-468C-B225-585A9C53B5E3}
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\15.40840_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\21.56714_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\24.59819_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\25.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\26.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcecbeabmilhegakofgafbbmohadmngb\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmacccihbmnfabgkicmnnkcoialbhjil\2.2\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gogdhagkjmojpnijppilfjilmpngdilc\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddphmblnmebemcnojifhaeaflpjjkhh\1.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.3_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfpkhnolbhkahcelklodlcmhaogeoec\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnmgahhamgcickcklgeelkepicamaln\0.9\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\15.40840_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\21.56714_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\24.59819_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\25.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\26.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcecbeabmilhegakofgafbbmohadmngb\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmacccihbmnfabgkicmnnkcoialbhjil\2.2\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gogdhagkjmojpnijppilfjilmpngdilc\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddphmblnmebemcnojifhaeaflpjjkhh\1.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.3_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfpkhnolbhkahcelklodlcmhaogeoec\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnmgahhamgcickcklgeelkepicamaln\0.9\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
O1 HOSTS File: ([2014/01/06 22:11:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll File not found
O2:64bit: - BHO: (weDownload Manager Pro) - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll File not found
O2:64bit: - BHO: (SearchNewTab) - {2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} - C:\Program Files (x86)\SearchNewTab\fBqqSj1o.x64.dll File not found
O2:64bit: - BHO: (ssurf AnD keep) - {337262F8-5207-1CF5-97A4-D89CAF8D9788} - C:\Program Files (x86)\ssurf AnD keep\L6roPZ.x64.dll File not found
O2:64bit: - BHO: (YoutubeAdblocker) - {423A284C-120C-A709-784F-DEC29D3A0DDD} - C:\Program Files (x86)\YoutubeAdblocker\PDMND_m.x64.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SearchNewTab) - {93625CB0-137D-155C-A14B-7061D9F99A9F} - C:\Program Files (x86)\SearchNewTab\HPsPfg5Qt.x64.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.36% Memory free
15.77 Gb Paging File | 13.55 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 244.70 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SEAN44 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/06 22:27:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
PRC - [2013/12/11 13:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/11 13:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/12/04 13:55:46 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/29 16:20:48 | 003,806,544 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/05/13 02:22:01 | 005,021,448 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2013/05/12 12:29:06 | 001,044,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Sean\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/01/23 00:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012/09/11 14:51:42 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/09/11 14:51:42 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/09/01 19:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/21 07:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/05 09:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/04/16 12:55:02 | 000,648,512 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
PRC - [2012/04/16 12:54:32 | 000,233,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
PRC - [2012/02/26 13:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/05/19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2010/08/24 08:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/03/25 13:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/11 13:40:38 | 001,135,016 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/11/06 15:48:12 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/11/06 15:48:10 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/10 13:50:04 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\94625c26fa87cd2f8dea6626c521d0db\System.ServiceModel.Web.ni.dll
MOD - [2013/10/10 13:49:40 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\437ac0dab43f670b7ef93262e69c0cf0\System.IdentityModel.ni.dll
MOD - [2013/10/10 13:49:37 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e7aa65750b09ea4b26bd3c9c75f8b94e\System.ServiceModel.ni.dll
MOD - [2013/10/10 13:49:29 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\f28b130b7c58c374eae31ff3fc4306ac\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/10/10 12:11:11 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 12:11:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 12:11:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/10 12:10:59 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 12:10:54 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 19:19:36 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll
MOD - [2013/10/09 19:19:34 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll
MOD - [2013/10/09 19:19:32 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\be5f0f2e208bbb3c647acfbc33434251\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 19:19:31 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll
MOD - [2013/09/19 09:42:40 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2f2b1bc379cd38841f05399944927d8f\IAStorCommon.ni.dll
MOD - [2013/09/19 09:42:38 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\a3b23c37c111913b6fb7f9ca7b0195d9\IAStorUtil.ni.dll
MOD - [2013/09/18 17:48:55 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/09/18 17:48:53 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2013/09/18 17:48:53 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\72227d58a04b80252053352dead3b9a3\System.ServiceModel.Internals.ni.dll
MOD - [2013/09/18 17:48:53 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\176ea254700896ee68956986b947ea9b\SMDiagnostics.ni.dll
MOD - [2013/09/18 17:48:52 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/09/18 17:48:48 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/09/17 10:29:10 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/17 10:20:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/13 18:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 18:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/14 08:34:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 08:34:45 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 08:34:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 20:50:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 17:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 17:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 17:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/01/23 00:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013/01/16 10:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013/01/16 10:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013/01/16 10:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013/01/16 10:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013/01/16 10:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2012/04/16 12:56:26 | 000,500,032 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/04/16 12:42:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/04/16 12:41:50 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/04/16 12:38:16 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2012/04/16 12:37:46 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
MOD - [2011/08/17 17:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 17:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 17:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 21:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 21:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 21:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 20:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/04/30 13:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/16 08:01:58 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/06/19 20:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012/02/09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2011/10/19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2014/01/02 11:13:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 13:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/29 16:20:42 | 002,210,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/10/11 11:51:18 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/21 00:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/11 14:51:42 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/09/11 14:51:42 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/08/21 07:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/05 09:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2010/03/25 13:45:36 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/06 22:30:54 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/19 21:05:50 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/05/12 15:56:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/05/11 08:23:06 | 000,016,648 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/04/16 08:51:54 | 011,653,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/16 07:35:20 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/02/14 05:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/17 02:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/01 19:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 19:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/02 11:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/18 17:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/26 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/26 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/26 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/02/09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012/01/13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011/09/21 18:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/09/19 20:47:25 | 001,047,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2011/07/04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011/05/10 17:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011/05/09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 17:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/03/04 17:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/17 17:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/01/23 00:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\SearchScopes\{AE1E8CE7-9AD9-4B96-BCF1-ED02D701C9AF}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: kabl%40trac.arantius.com:0.4.8
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/05/19 21:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\Extensions
[2014/01/06 22:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\Firefox\Profiles\b9qqfgll.default-1386378123099\extensions
[2014/01/06 22:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\Firefox\Profiles\fmb849k2.default\Extensions
[2013/12/07 14:44:49 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\adblockpopups@jessehakanen.net.xpi
[2014/01/02 11:58:38 | 000,022,560 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\gmailnoads@mywebber.com.xpi
[2013/12/07 14:38:09 | 000,176,363 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\image-blocker@erikvold.com.xpi
[2013/12/07 14:44:49 | 000,050,309 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\kabl@trac.arantius.com.xpi
[2013/12/07 14:41:23 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\b9qqfgll.default-1386378123099\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/06 17:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/01/02 11:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/02 11:13:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\SEAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9QQFGLL.DEFAULT-1386378123099\EXTENSIONS\{0113D088-8ED1-468C-B225-585A9C53B5E3}
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\15.40840_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\21.56714_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\24.59819_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\25.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\26.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcecbeabmilhegakofgafbbmohadmngb\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmacccihbmnfabgkicmnnkcoialbhjil\2.2\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gogdhagkjmojpnijppilfjilmpngdilc\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddphmblnmebemcnojifhaeaflpjjkhh\1.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.3_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfpkhnolbhkahcelklodlcmhaogeoec\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnmgahhamgcickcklgeelkepicamaln\0.9\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\15.40840_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\21.56714_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\24.59819_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\25.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamkngpohceidkefhicjjcedfcidai\26.61613_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcecbeabmilhegakofgafbbmohadmngb\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmacccihbmnfabgkicmnnkcoialbhjil\2.2\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gogdhagkjmojpnijppilfjilmpngdilc\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddphmblnmebemcnojifhaeaflpjjkhh\1.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.3_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbmdfdhanakpfoiaomnelodiejioflb\1.8.8_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfpkhnolbhkahcelklodlcmhaogeoec\1.0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlnmgahhamgcickcklgeelkepicamaln\0.9\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
O1 HOSTS File: ([2014/01/06 22:11:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll File not found
O2:64bit: - BHO: (weDownload Manager Pro) - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll File not found
O2:64bit: - BHO: (SearchNewTab) - {2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} - C:\Program Files (x86)\SearchNewTab\fBqqSj1o.x64.dll File not found
O2:64bit: - BHO: (ssurf AnD keep) - {337262F8-5207-1CF5-97A4-D89CAF8D9788} - C:\Program Files (x86)\ssurf AnD keep\L6roPZ.x64.dll File not found
O2:64bit: - BHO: (YoutubeAdblocker) - {423A284C-120C-A709-784F-DEC29D3A0DDD} - C:\Program Files (x86)\YoutubeAdblocker\PDMND_m.x64.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SearchNewTab) - {93625CB0-137D-155C-A14B-7061D9F99A9F} - C:\Program Files (x86)\SearchNewTab\HPsPfg5Qt.x64.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000..\Run: [uTorrent] C:\Users\Sean\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54EFF3C1-19CF-43F0-9E12-3EFEFE15388F}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 11:26:21 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/06 22:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 22:28:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 22:27:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2014/01/06 22:27:07 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Sean\Desktop\JRT.exe
[2014/01/06 22:13:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/06 22:13:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/06 22:06:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/06 22:06:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/06 22:06:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/06 22:06:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/06 22:06:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/06 22:03:48 | 005,160,001 | R--- | C] (Swearware) -- C:\Users\Sean\Desktop\ComboFix.exe
[2014/01/06 21:30:17 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/06 21:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/06 21:29:36 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\mbar
[2014/01/06 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\RK_Quarantine
[2014/01/06 20:41:09 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Sean\Desktop\mbar-1.07.0.1008.exe
[2014/01/06 20:13:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Sean\Desktop\dds.scr
[2014/01/06 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/06 10:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/06 10:02:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes
[2014/01/06 10:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 10:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/06 10:02:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 10:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/06 09:45:58 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/01/06 09:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/01/02 11:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/21 19:31:25 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/12/21 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013/12/21 18:52:57 | 000,000,000 | RH-D | C] -- C:\Users\Sean\AppData\Roaming\SecuROM
[2013/12/21 18:52:56 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/12/21 18:52:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Oblivion
[2013/12/17 14:56:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\logs
[2013/12/17 13:55:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\LogMeIn Hamachi
[2013/12/17 13:55:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\LogMeIn
[2013/12/17 13:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/12/17 13:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/17 13:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/12/17 10:56:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\Assassin's Creed IV Black Flag
[2013/12/17 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Assassins Creed IV Black Flag
[2013/12/16 13:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/06 22:38:04 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:38:04 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:31:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 22:31:08 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/01/06 22:30:54 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/06 22:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 22:30:40 | 2055,782,399 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 22:27:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2014/01/06 22:27:08 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Sean\Desktop\JRT.exe
[2014/01/06 22:26:57 | 001,233,962 | ---- | M] () -- C:\Users\Sean\Desktop\adwcleaner.exe
[2014/01/06 22:13:04 | 000,002,279 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 22:11:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/06 22:04:01 | 005,160,001 | R--- | M] (Swearware) -- C:\Users\Sean\Desktop\ComboFix.exe
[2014/01/06 22:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 21:30:17 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/06 21:29:36 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:41:16 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Sean\Desktop\mbar-1.07.0.1008.exe
[2014/01/06 20:39:24 | 004,406,784 | ---- | M] () -- C:\Users\Sean\Desktop\RogueKillerX64.exe
[2014/01/06 20:13:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Sean\Desktop\dds.scr
[2014/01/06 17:31:48 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 17:07:20 | 000,877,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 17:07:20 | 000,729,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 17:07:20 | 000,147,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 16:39:06 | 000,291,944 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/01/06 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/01/06 12:03:18 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/01/06 10:02:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 09:45:58 | 000,001,264 | ---- | M] () -- C:\Users\Sean\Desktop\Revo Uninstaller.lnk
[2014/01/06 03:02:01 | 000,000,231 | ---- | M] () -- C:\Users\Sean\Desktop\Assassin's Creed IV Black Flag.url
[2014/01/06 02:51:12 | 000,001,201 | ---- | M] () -- C:\Users\Sean\Desktop\Uplay.lnk
[2014/01/03 14:39:43 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2014/01/03 14:09:45 | 000,000,240 | ---- | M] () -- C:\Users\Sean\Desktop\9 3,302Ayleid Armor and weapons.URL
[2013/12/21 18:59:19 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2013/12/21 18:52:56 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/12/17 13:53:53 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/12/16 13:02:20 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/12 03:22:37 | 000,417,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/11 23:41:44 | 000,000,286 | ---- | M] () -- C:\Users\Sean\Desktop\File Lab12.pdf.URL
[2013/12/11 19:47:29 | 000,127,181 | ---- | M] () -- C:\Users\Sean\Desktop\PR3015_2_.png
[2013/12/11 19:47:03 | 000,122,884 | ---- | M] () -- C:\Users\Sean\Desktop\PR4011_2_.png
[2013/12/11 17:52:54 | 000,000,091 | ---- | M] () -- C:\Users\Sean\Desktop\test1.m
[2013/12/09 17:15:33 | 644,592,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/06 22:26:55 | 001,233,962 | ---- | C] () -- C:\Users\Sean\Desktop\adwcleaner.exe
[2014/01/06 22:06:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/06 22:06:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/06 22:06:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/06 22:06:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/06 22:06:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/06 20:39:22 | 004,406,784 | ---- | C] () -- C:\Users\Sean\Desktop\RogueKillerX64.exe
[2014/01/06 17:31:48 | 000,002,279 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 17:31:48 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 10:02:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 09:45:58 | 000,001,264 | ---- | C] () -- C:\Users\Sean\Desktop\Revo Uninstaller.lnk
[2014/01/06 03:02:01 | 000,000,231 | ---- | C] () -- C:\Users\Sean\Desktop\Assassin's Creed IV Black Flag.url
[2014/01/06 02:51:12 | 000,001,201 | ---- | C] () -- C:\Users\Sean\Desktop\Uplay.lnk
[2014/01/03 14:09:45 | 000,000,240 | ---- | C] () -- C:\Users\Sean\Desktop\9 3,302Ayleid Armor and weapons.URL
[2013/12/21 19:33:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/12/21 18:59:19 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2013/12/17 13:53:53 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/12/16 13:02:20 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/11 23:41:44 | 000,000,286 | ---- | C] () -- C:\Users\Sean\Desktop\File Lab12.pdf.URL
[2013/12/11 19:47:29 | 000,127,181 | ---- | C] () -- C:\Users\Sean\Desktop\PR3015_2_.png
[2013/12/11 19:47:03 | 000,122,884 | ---- | C] () -- C:\Users\Sean\Desktop\PR4011_2_.png
[2013/12/11 17:48:30 | 000,000,091 | ---- | C] () -- C:\Users\Sean\Desktop\test1.m
[2013/05/25 19:21:50 | 003,190,168 | R--- | C] () -- C:\Windows\SysWow64\pb.exe
[2013/05/17 21:42:35 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/05/12 13:08:51 | 001,065,984 | ---- | C] () -- C:\Users\Sean\AppData\Local\file__0.localstorage
[2013/05/12 12:35:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/12 12:25:07 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013/05/12 12:25:07 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013/05/12 12:25:07 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013/05/12 12:25:05 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/05/12 12:25:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/05/11 08:38:18 | 000,869,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 08:30:57 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/05/11 08:30:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/05/11 08:30:57 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/11 08:23:43 | 000,000,003 | ---- | C] () -- C:\Users\Sean\AppData\Local\user_data.ini
[2013/04/16 08:37:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/16 08:37:12 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/16 08:00:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/16 08:00:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 02:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/09/28 13:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/06/19 19:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/01/06 01:09:25 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\.minecraft
[2013/12/17 10:42:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DAEMON Tools Lite
[2013/05/25 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Far Cry 3
[2013/06/16 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\IObit
[2013/10/28 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mount&Blade
[2013/11/04 14:03:38 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Subversion
[2013/05/25 19:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Unity
[2013/10/23 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\USMA
[2014/01/06 22:36:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\uTorrent
[2013/06/24 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000..\Run: [uTorrent] C:\Users\Sean\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54EFF3C1-19CF-43F0-9E12-3EFEFE15388F}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/21 11:26:21 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/06 22:32:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 22:28:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 22:27:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2014/01/06 22:27:07 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Sean\Desktop\JRT.exe
[2014/01/06 22:13:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/06 22:13:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/06 22:06:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/06 22:06:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/06 22:06:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/06 22:06:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/06 22:06:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/06 22:03:48 | 005,160,001 | R--- | C] (Swearware) -- C:\Users\Sean\Desktop\ComboFix.exe
[2014/01/06 21:30:17 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/06 21:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/06 21:29:36 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\mbar
[2014/01/06 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\RK_Quarantine
[2014/01/06 20:41:09 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Sean\Desktop\mbar-1.07.0.1008.exe
[2014/01/06 20:13:49 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Sean\Desktop\dds.scr
[2014/01/06 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/06 10:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/01/06 10:02:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Malwarebytes
[2014/01/06 10:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 10:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/06 10:02:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 10:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/06 09:45:58 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/01/06 09:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/01/02 11:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/21 19:31:25 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/12/21 18:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2013/12/21 18:52:57 | 000,000,000 | RH-D | C] -- C:\Users\Sean\AppData\Roaming\SecuROM
[2013/12/21 18:52:56 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/12/21 18:52:46 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Oblivion
[2013/12/17 14:56:19 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\logs
[2013/12/17 13:55:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\LogMeIn Hamachi
[2013/12/17 13:55:05 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\LogMeIn
[2013/12/17 13:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/12/17 13:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/12/17 13:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/12/17 10:56:27 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\Assassin's Creed IV Black Flag
[2013/12/17 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Assassins Creed IV Black Flag
[2013/12/16 13:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/06 22:38:04 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:38:04 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:31:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 22:31:08 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/01/06 22:30:54 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/01/06 22:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 22:30:40 | 2055,782,399 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/06 22:27:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2014/01/06 22:27:08 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Sean\Desktop\JRT.exe
[2014/01/06 22:26:57 | 001,233,962 | ---- | M] () -- C:\Users\Sean\Desktop\adwcleaner.exe
[2014/01/06 22:13:04 | 000,002,279 | ---- | M] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 22:11:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/06 22:04:01 | 005,160,001 | R--- | M] (Swearware) -- C:\Users\Sean\Desktop\ComboFix.exe
[2014/01/06 22:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 21:30:17 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/06 21:29:36 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:41:16 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Sean\Desktop\mbar-1.07.0.1008.exe
[2014/01/06 20:39:24 | 004,406,784 | ---- | M] () -- C:\Users\Sean\Desktop\RogueKillerX64.exe
[2014/01/06 20:13:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Sean\Desktop\dds.scr
[2014/01/06 17:31:48 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 17:07:20 | 000,877,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 17:07:20 | 000,729,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 17:07:20 | 000,147,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 16:39:06 | 000,291,944 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/01/06 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/01/06 12:03:18 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/01/06 10:02:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 09:45:58 | 000,001,264 | ---- | M] () -- C:\Users\Sean\Desktop\Revo Uninstaller.lnk
[2014/01/06 03:02:01 | 000,000,231 | ---- | M] () -- C:\Users\Sean\Desktop\Assassin's Creed IV Black Flag.url
[2014/01/06 02:51:12 | 000,001,201 | ---- | M] () -- C:\Users\Sean\Desktop\Uplay.lnk
[2014/01/03 14:39:43 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2014/01/03 14:09:45 | 000,000,240 | ---- | M] () -- C:\Users\Sean\Desktop\9 3,302Ayleid Armor and weapons.URL
[2013/12/21 18:59:19 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2013/12/21 18:52:56 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013/12/17 13:53:53 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/12/16 13:02:20 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/12 03:22:37 | 000,417,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/11 23:41:44 | 000,000,286 | ---- | M] () -- C:\Users\Sean\Desktop\File Lab12.pdf.URL
[2013/12/11 19:47:29 | 000,127,181 | ---- | M] () -- C:\Users\Sean\Desktop\PR3015_2_.png
[2013/12/11 19:47:03 | 000,122,884 | ---- | M] () -- C:\Users\Sean\Desktop\PR4011_2_.png
[2013/12/11 17:52:54 | 000,000,091 | ---- | M] () -- C:\Users\Sean\Desktop\test1.m
[2013/12/09 17:15:33 | 644,592,456 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/06 22:26:55 | 001,233,962 | ---- | C] () -- C:\Users\Sean\Desktop\adwcleaner.exe
[2014/01/06 22:06:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/06 22:06:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/06 22:06:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/06 22:06:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/06 22:06:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/06 20:39:22 | 004,406,784 | ---- | C] () -- C:\Users\Sean\Desktop\RogueKillerX64.exe
[2014/01/06 17:31:48 | 000,002,279 | ---- | C] () -- C:\Users\Sean\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/06 17:31:48 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 10:02:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 09:45:58 | 000,001,264 | ---- | C] () -- C:\Users\Sean\Desktop\Revo Uninstaller.lnk
[2014/01/06 03:02:01 | 000,000,231 | ---- | C] () -- C:\Users\Sean\Desktop\Assassin's Creed IV Black Flag.url
[2014/01/06 02:51:12 | 000,001,201 | ---- | C] () -- C:\Users\Sean\Desktop\Uplay.lnk
[2014/01/03 14:09:45 | 000,000,240 | ---- | C] () -- C:\Users\Sean\Desktop\9 3,302Ayleid Armor and weapons.URL
[2013/12/21 19:33:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013/12/21 18:59:19 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2013/12/17 13:53:53 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2013/12/16 13:02:20 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/11 23:41:44 | 000,000,286 | ---- | C] () -- C:\Users\Sean\Desktop\File Lab12.pdf.URL
[2013/12/11 19:47:29 | 000,127,181 | ---- | C] () -- C:\Users\Sean\Desktop\PR3015_2_.png
[2013/12/11 19:47:03 | 000,122,884 | ---- | C] () -- C:\Users\Sean\Desktop\PR4011_2_.png
[2013/12/11 17:48:30 | 000,000,091 | ---- | C] () -- C:\Users\Sean\Desktop\test1.m
[2013/05/25 19:21:50 | 003,190,168 | R--- | C] () -- C:\Windows\SysWow64\pb.exe
[2013/05/17 21:42:35 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/05/12 13:08:51 | 001,065,984 | ---- | C] () -- C:\Users\Sean\AppData\Local\file__0.localstorage
[2013/05/12 12:35:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/12 12:25:07 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2013/05/12 12:25:07 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2013/05/12 12:25:07 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2013/05/12 12:25:05 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/05/12 12:25:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/05/11 08:38:18 | 000,869,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/11 08:30:57 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/05/11 08:30:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/05/11 08:30:57 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/11 08:23:43 | 000,000,003 | ---- | C] () -- C:\Users\Sean\AppData\Local\user_data.ini
[2013/04/16 08:37:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/16 08:37:12 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/16 08:00:18 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/16 08:00:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 02:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/09/28 13:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/06/19 19:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/01/06 01:09:25 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\.minecraft
[2013/12/17 10:42:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DAEMON Tools Lite
[2013/05/25 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Far Cry 3
[2013/06/16 00:59:23 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\IObit
[2013/10/28 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Mount&Blade
[2013/11/04 14:03:38 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Subversion
[2013/05/25 19:40:29 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Unity
[2013/10/23 13:33:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\USMA
[2014/01/06 22:36:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\uTorrent
[2013/06/24 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 1/6/2014 10:37:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.36% Memory free
15.77 Gb Paging File | 13.55 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 244.70 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SEAN44 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AC59CC-45C2-4F8D-943A-325EEE035714}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2643834D-679F-450E-902E-586823B072D8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E3F15B90-558B-4D53-96F1-5FA86EABC8D8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FD9FBF8B-BAF5-4376-8A25-B03DBB79E056}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010EB4ED-49CB-42AB-AD42-0587E579562A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{06CA659A-DC0C-442D-B887-60D41A9F630F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{077E9D40-4DEE-4C58-B53F-FFFD50483783}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{08F8CE2F-7271-4EB9-BDD0-3202666C7BCB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0E3D0D21-DA28-4B3D-8990-1F87826933B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{17010FB1-7A3F-4321-B39A-560FCC8687B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{1F3B604E-D5C2-4B89-90AE-DAA6C09362E1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2393777E-20A4-4306-9935-E9E05DDF5B44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{24CDFCC2-16AC-466D-A5F8-CB3865AE5322}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{26649B05-FC41-4D70-B34A-03AB6561E018}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{2878A7CD-6086-4ABC-98ED-9521C9DA1D3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{2914BBE0-17F6-4CED-9D4D-6A21D2BE022B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{2AA30CC4-C2F5-4118-AAEB-C66AF4A8D6BB}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2AF08A07-0796-4230-9A7D-EDD55335BCC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udk.exe |
"{2F531AF4-4612-464C-B3AB-62F2902C4CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{3817F038-885B-4A6C-9D2A-CE724E6CC7E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{3AA86D2E-C2BC-4D25-AD10-9C7F23E0FE9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{40F7E28C-FCCD-49A7-A25D-93A746BA96B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{42896F36-C83A-4DB9-BEE3-DD97031C8274}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udk.exe |
"{4951333D-2CD1-4306-AD1D-BD19E1B7CE4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade demo\runme.exe |
"{4A41B176-E827-4C47-A582-5504CE9BD152}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{4BF9D880-A4D8-4E84-AA11-0940F43C0E7E}" = protocol=17 | dir=in | app=c:\users\sean\appdata\roaming\utorrent\utorrent.exe |
"{4C68DFB4-0C69-42D4-803C-CFEC809B3D26}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{4FA5D646-14A7-44D3-93D4-4BF493EE3238}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5340AF6A-3AC6-423D-AD10-28CE5D26D4C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{5AE921F0-19F3-4EF4-B6E7-F307CC5B6B3A}" = dir=in | app=c:\users\sean\appdata\local\microsoft\skydrive\skydrive.exe |
"{5D09038C-6E83-4896-8D13-6D59908099C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{656D3EF5-3EFE-4ED6-952D-F5B9F0F9C5FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{661EE7F3-2DDA-4411-B446-99A6D557D8C6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6A26DE08-3D61-4B0E-ABDA-846F6BDC36FE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{736078BB-C782-42E5-BC7C-450F8AE5729D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{7616C471-B12B-4139-AABB-10092A5719CD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7C4D942E-B56C-4155-9A5B-83FE9FE2465E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7E5BAB7B-084B-4A16-9B6F-CB525EEAA647}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{7FEC5458-FD76-4596-8315-B5881EC0A087}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{85574040-01BF-487F-B182-3F034C3C8306}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{86D34475-0FFB-44DE-9A75-70E8C1B24887}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{87088A1F-0FB9-4B98-BE7C-F4FCBD7EAA53}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8AB3482D-62C9-477B-B131-E34EE5450AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{8C98BDDB-8224-4B7D-B1FB-00C722E6D6FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8DFFC5E2-5879-4E4C-959E-5AB96BEAFDE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade demo\runme.exe |
"{97F1409C-382F-4643-84BB-0C3D0B426217}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9CA47E3D-E773-4782-A2FB-6224B820BA4E}" = protocol=58 | dir=in | app=system |
"{9FFADCEC-B0F7-4182-8D5C-DA1A871B0E78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{A6D20939-2157-40B6-B4F2-15F05A01FCB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{A7666521-DEAD-4912-BADC-107495CE5530}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AACCA7E5-C7FF-4F51-8DC6-0C82838C495B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{AD428F41-7B9D-401D-8255-62EA975D4806}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFA35CFE-754F-46BB-8B4C-C5DDC69B145D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{B1C1039C-7323-4DF3-9CE9-EAEDC4B18FDD}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B4AB0E3A-7B3C-4A99-8909-3446BFEBEA37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{BC7BBE8A-9134-4C1C-BD0F-67567DB908E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{BEF890DB-60B5-4D16-913D-F689F20B548F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{C48014DA-0348-461D-B1B5-943D4FF8F1E5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C5D2B068-D425-4FB7-92CE-1E804DA4F3F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{CAC39FF7-DA9F-49BB-9EA5-22EBF9DCC33E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{CC2A2A5B-8E63-478D-A19C-0BCED0F8CE0D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE7ED0D9-815A-4F8C-BBBD-038B6142651C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF70DA21-7F5A-4630-BFFB-A9A7B4D1D4A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{D1C48320-3B95-469E-8E46-2951F3CE768E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D54EA5CD-20A1-4A4C-9043-281654EBC795}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{D7729DA7-493D-4021-BC89-579AD7345917}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{D85285B6-3216-4908-BD0F-C290DEDBF998}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"{DA22E572-BDAB-4DE9-A351-D284ABF6297D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DB376037-9F0D-445C-B510-D7083322FAF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{DDF487AB-C2C0-4550-A27E-9828612831F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E3332DFB-43E3-4DBF-A69C-C41C72EEB976}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E8E755FC-5F95-4EEA-9CCD-87A9EED721B5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E915F3E3-5FB8-4289-8BB0-DA45C407DAC7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E9B5B1D6-8A2C-4117-B82E-A36D2784BDE9}" = protocol=6 | dir=in | app=c:\users\sean\appdata\roaming\utorrent\utorrent.exe |
"{EE81D767-EBF9-4CB8-97C4-01FA2C2ECE47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F04DA178-B3FA-482F-9E8C-B1E02A82D2CD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F25AEDE8-172E-4FB8-B42C-7EFB4AD3EEEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{F3F0ABE1-5DB1-443E-A5BB-35A6E926F620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F82A76AC-C23F-4937-99F1-8CB6EA0865B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{FA144C4F-83EE-4DCD-9B4C-C83583A2EA74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"TCP Query User{1F956EF8-DD26-4FC7-A213-00A9202B692B}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{65D3CFCF-5122-4B6C-A058-995BC519C103}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe |
"TCP Query User{730218B1-4C51-4A91-BBC4-8BD87F72F8F4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9E8C6579-E549-487D-BB63-34BE691B33CA}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{AE4763D8-2C40-4646-8257-FE33D86AB5B5}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"TCP Query User{D3E4DD47-F8C6-425D-B658-5D7EEBCCEF5D}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"UDP Query User{446A95A6-7B4D-4B1B-95C9-D0DF09D0FA95}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"UDP Query User{6128DB5A-A72E-4C1C-84E7-8EA33C1F3095}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{8506AE72-A443-4B9F-B769-97DA43AF91CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A2F2C0BE-EDD2-4C65-A964-06E9BD8633D1}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe |
"UDP Query User{A44A2C30-B9DF-4004-95F3-86730008CB6D}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{A8B712EA-FA8F-4B28-82EC-8040063C519C}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1C540622-4537-CD83-2050-FCB55D86F6F9}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E0594B1-AEB0-8CB4-0C08-D0FAAD98421B}" = AMD Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C6AB0C69-02C2-F4BA-3827-E1C9E24EF019}" = AMD Media Foundation Decoders
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF4CC5CF-65A0-D36F-7A0C-F6F326E6C1DD}" = AMD Accelerated Video Transcoding
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FD948C29-2CD8-5F3B-562D-3ABD05576DC9}" = AMD Drag and Drop Transcoding
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"CCleaner" = CCleaner
"Matlab R2013a" = MATLAB R2013a
"Microsoft Security Client" = Microsoft Security Essentials
"XFast LAN" = XFast LAN v6.61
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{0C37D2D1-09B4-745F-35FA-F62E2692756A}" = Catalyst Control Center
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1" = TheMatrix Screen Saver version 1.14
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3DDD9BBC-DF3B-0A56-64FF-91EDA87790E2}" = Catalyst Control Center Localization All
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A7043DB-4A0E-F865-E712-DC79EC5ED02E}" = CCC Help Chinese Standard
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5FB90FB1-6ABF-3820-CF49-61533492C2F9}" = CCC Help Turkish
"{6174A901-423D-83CC-B550-C42D62928D46}" = CCC Help Italian
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82B971B1-6B0F-4D9B-6333-2EDA78C509D0}" = CCC Help Thai
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = ASUS USB-N13 WLAN Card Utilities & Driver
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C57EEBB9-168C-4C98-8162-FD19E7F0AE77}_is1" = The Elder Scrolls V Skyrim
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{DB35FFD8-2B55-D0DE-F2CC-00A087500F44}" = CCC Help Chinese Traditional
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA176955-8F37-EA7C-B607-76FCA407D3C6}" = Catalyst Control Center InstallProxy
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.257
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dolphin x86" = Dolphin x86 4.0
"ESET Online Scanner" = ESET Online Scanner v3
"Far Cry 3_R.G. Mechanics_is1" = Far Cry 3
"Files Access" = Files Access
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"MIT Network Version" = Microsoft Interactive Training Network Version
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 22110" = Mount & Blade Demo
"Steam App 22380" = Fallout: New Vegas
"Steam App 232210" = Chivalry: Medieval Warfare Beta
"Steam App 6060" = Star Wars - Battlefront II
"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0
"Uplay" = Uplay
"Uplay Install 273" = Assassins Creed IV Black Flag
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"West Point Bridge Designer 2013 (2nd Edition)" = West Point Bridge Designer 2013 (2nd Edition) (remove only)
"WinLiveSuite" = Windows Live Essentials
"XFastUSB" = XFastUSB
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"soe-PlanetSide 2" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.89 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.36% Memory free
15.77 Gb Paging File | 13.55 Gb Available in Paging File | 85.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 244.70 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SEAN44 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AC59CC-45C2-4F8D-943A-325EEE035714}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2643834D-679F-450E-902E-586823B072D8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E3F15B90-558B-4D53-96F1-5FA86EABC8D8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{FD9FBF8B-BAF5-4376-8A25-B03DBB79E056}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010EB4ED-49CB-42AB-AD42-0587E579562A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{06CA659A-DC0C-442D-B887-60D41A9F630F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{077E9D40-4DEE-4C58-B53F-FFFD50483783}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{08F8CE2F-7271-4EB9-BDD0-3202666C7BCB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0E3D0D21-DA28-4B3D-8990-1F87826933B6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{17010FB1-7A3F-4321-B39A-560FCC8687B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{1F3B604E-D5C2-4B89-90AE-DAA6C09362E1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2393777E-20A4-4306-9935-E9E05DDF5B44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{24CDFCC2-16AC-466D-A5F8-CB3865AE5322}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{26649B05-FC41-4D70-B34A-03AB6561E018}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{2878A7CD-6086-4ABC-98ED-9521C9DA1D3B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{2914BBE0-17F6-4CED-9D4D-6A21D2BE022B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{2AA30CC4-C2F5-4118-AAEB-C66AF4A8D6BB}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{2AF08A07-0796-4230-9A7D-EDD55335BCC1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udk.exe |
"{2F531AF4-4612-464C-B3AB-62F2902C4CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{3817F038-885B-4A6C-9D2A-CE724E6CC7E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{3AA86D2E-C2BC-4D25-AD10-9C7F23E0FE9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{40F7E28C-FCCD-49A7-A25D-93A746BA96B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{42896F36-C83A-4DB9-BEE3-DD97031C8274}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udk.exe |
"{4951333D-2CD1-4306-AD1D-BD19E1B7CE4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade demo\runme.exe |
"{4A41B176-E827-4C47-A582-5504CE9BD152}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{4BF9D880-A4D8-4E84-AA11-0940F43C0E7E}" = protocol=17 | dir=in | app=c:\users\sean\appdata\roaming\utorrent\utorrent.exe |
"{4C68DFB4-0C69-42D4-803C-CFEC809B3D26}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfsp.exe |
"{4FA5D646-14A7-44D3-93D4-4BF493EE3238}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5340AF6A-3AC6-423D-AD10-28CE5D26D4C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{5AE921F0-19F3-4EF4-B6E7-F307CC5B6B3A}" = dir=in | app=c:\users\sean\appdata\local\microsoft\skydrive\skydrive.exe |
"{5D09038C-6E83-4896-8D13-6D59908099C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win64\udkeditor.exe |
"{656D3EF5-3EFE-4ED6-952D-F5B9F0F9C5FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{661EE7F3-2DDA-4411-B446-99A6D557D8C6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6A26DE08-3D61-4B0E-ABDA-846F6BDC36FE}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{736078BB-C782-42E5-BC7C-450F8AE5729D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{7616C471-B12B-4139-AABB-10092A5719CD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7C4D942E-B56C-4155-9A5B-83FE9FE2465E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7E5BAB7B-084B-4A16-9B6F-CB525EEAA647}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{7FEC5458-FD76-4596-8315-B5881EC0A087}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{85574040-01BF-487F-B182-3F034C3C8306}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{86D34475-0FFB-44DE-9A75-70E8C1B24887}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{87088A1F-0FB9-4B98-BE7C-F4FCBD7EAA53}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8AB3482D-62C9-477B-B131-E34EE5450AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{8C98BDDB-8224-4B7D-B1FB-00C722E6D6FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8DFFC5E2-5879-4E4C-959E-5AB96BEAFDE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade demo\runme.exe |
"{97F1409C-382F-4643-84BB-0C3D0B426217}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9CA47E3D-E773-4782-A2FB-6224B820BA4E}" = protocol=58 | dir=in | app=system |
"{9FFADCEC-B0F7-4182-8D5C-DA1A871B0E78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{A6D20939-2157-40B6-B4F2-15F05A01FCB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{A7666521-DEAD-4912-BADC-107495CE5530}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AACCA7E5-C7FF-4F51-8DC6-0C82838C495B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{AD428F41-7B9D-401D-8255-62EA975D4806}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFA35CFE-754F-46BB-8B4C-C5DDC69B145D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{B1C1039C-7323-4DF3-9CE9-EAEDC4B18FDD}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B4AB0E3A-7B3C-4A99-8909-3446BFEBEA37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{BC7BBE8A-9134-4C1C-BD0F-67567DB908E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{BEF890DB-60B5-4D16-913D-F689F20B548F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{C48014DA-0348-461D-B1B5-943D4FF8F1E5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C5D2B068-D425-4FB7-92CE-1E804DA4F3F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{CAC39FF7-DA9F-49BB-9EA5-22EBF9DCC33E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{CC2A2A5B-8E63-478D-A19C-0BCED0F8CE0D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CE7ED0D9-815A-4F8C-BBBD-038B6142651C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF70DA21-7F5A-4630-BFFB-A9A7B4D1D4A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{D1C48320-3B95-469E-8E46-2951F3CE768E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D54EA5CD-20A1-4A4C-9043-281654EBC795}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{D7729DA7-493D-4021-BC89-579AD7345917}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{D85285B6-3216-4908-BD0F-C290DEDBF998}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"{DA22E572-BDAB-4DE9-A351-D284ABF6297D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DB376037-9F0D-445C-B510-D7083322FAF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed iv black flag\ac4bfmp.exe |
"{DDF487AB-C2C0-4550-A27E-9828612831F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E3332DFB-43E3-4DBF-A69C-C41C72EEB976}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E8E755FC-5F95-4EEA-9CCD-87A9EED721B5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E915F3E3-5FB8-4289-8BB0-DA45C407DAC7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E9B5B1D6-8A2C-4117-B82E-A36D2784BDE9}" = protocol=6 | dir=in | app=c:\users\sean\appdata\roaming\utorrent\utorrent.exe |
"{EE81D767-EBF9-4CB8-97C4-01FA2C2ECE47}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F04DA178-B3FA-482F-9E8C-B1E02A82D2CD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F25AEDE8-172E-4FB8-B42C-7EFB4AD3EEEC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\chivlauncher.exe |
"{F3F0ABE1-5DB1-443E-A5BB-35A6E926F620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F82A76AC-C23F-4937-99F1-8CB6EA0865B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\chivlauncher.exe |
"{FA144C4F-83EE-4DCD-9B4C-C83583A2EA74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfarebeta\binaries\win32\udk.exe |
"TCP Query User{1F956EF8-DD26-4FC7-A213-00A9202B692B}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{65D3CFCF-5122-4B6C-A058-995BC519C103}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe |
"TCP Query User{730218B1-4C51-4A91-BBC4-8BD87F72F8F4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9E8C6579-E549-487D-BB63-34BE691B33CA}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{AE4763D8-2C40-4646-8257-FE33D86AB5B5}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"TCP Query User{D3E4DD47-F8C6-425D-B658-5D7EEBCCEF5D}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"UDP Query User{446A95A6-7B4D-4B1B-95C9-D0DF09D0FA95}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
"UDP Query User{6128DB5A-A72E-4C1C-84E7-8EA33C1F3095}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{8506AE72-A443-4B9F-B769-97DA43AF91CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A2F2C0BE-EDD2-4C65-A964-06E9BD8633D1}C:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\r.g. mechanics\far cry 3\bin\farcry3.exe |
"UDP Query User{A44A2C30-B9DF-4004-95F3-86730008CB6D}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{A8B712EA-FA8F-4B28-82EC-8040063C519C}C:\games\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\common\skyrim\creationkit.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC5
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1C540622-4537-CD83-2050-FCB55D86F6F9}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E0594B1-AEB0-8CB4-0C08-D0FAAD98421B}" = AMD Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C6AB0C69-02C2-F4BA-3827-E1C9E24EF019}" = AMD Media Foundation Decoders
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel(R) Smart Connect Technology 2.0 x64
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF4CC5CF-65A0-D36F-7A0C-F6F326E6C1DD}" = AMD Accelerated Video Transcoding
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FD948C29-2CD8-5F3B-562D-3ABD05576DC9}" = AMD Drag and Drop Transcoding
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"CCleaner" = CCleaner
"Matlab R2013a" = MATLAB R2013a
"Microsoft Security Client" = Microsoft Security Essentials
"XFast LAN" = XFast LAN v6.61
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{0C37D2D1-09B4-745F-35FA-F62E2692756A}" = Catalyst Control Center
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1" = TheMatrix Screen Saver version 1.14
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3DDD9BBC-DF3B-0A56-64FF-91EDA87790E2}" = Catalyst Control Center Localization All
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A7043DB-4A0E-F865-E712-DC79EC5ED02E}" = CCC Help Chinese Standard
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5FB90FB1-6ABF-3820-CF49-61533492C2F9}" = CCC Help Turkish
"{6174A901-423D-83CC-B550-C42D62928D46}" = CCC Help Italian
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82B971B1-6B0F-4D9B-6333-2EDA78C509D0}" = CCC Help Thai
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = ASUS USB-N13 WLAN Card Utilities & Driver
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C57EEBB9-168C-4C98-8162-FD19E7F0AE77}_is1" = The Elder Scrolls V Skyrim
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{DB35FFD8-2B55-D0DE-F2CC-00A087500F44}" = CCC Help Chinese Traditional
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA176955-8F37-EA7C-B607-76FCA407D3C6}" = Catalyst Control Center InstallProxy
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.257
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dolphin x86" = Dolphin x86 4.0
"ESET Online Scanner" = ESET Online Scanner v3
"Far Cry 3_R.G. Mechanics_is1" = Far Cry 3
"Files Access" = Files Access
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"MIT Network Version" = Microsoft Interactive Training Network Version
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Revo Uninstaller" = Revo Uninstaller 1.95
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 22110" = Mount & Blade Demo
"Steam App 22380" = Fallout: New Vegas
"Steam App 232210" = Chivalry: Medieval Warfare Beta
"Steam App 6060" = Star Wars - Battlefront II
"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0
"Uplay" = Uplay
"Uplay Install 273" = Assassins Creed IV Black Flag
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"West Point Bridge Designer 2013 (2nd Edition)" = West Point Bridge Designer 2013 (2nd Edition) (remove only)
"WinLiveSuite" = Windows Live Essentials
"XFastUSB" = XFastUSB
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
"soe-PlanetSide 2" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
< End of report >
Broni
Posts: 56,041 +516
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2:64bit: - BHO: (Plus-HD-1.3) - {11111111-1111-1111-1111-110311121157} - C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-bho64.dll File not found
O2:64bit: - BHO: (SearchNewTab) - {2D37E3DE-35BB-A241-FEC5-F8485CC75DA4} - C:\Program Files (x86)\SearchNewTab\fBqqSj1o.x64.dll File not found
O2:64bit: - BHO: (ssurf AnD keep) - {337262F8-5207-1CF5-97A4-D89CAF8D9788} - C:\Program Files (x86)\ssurf AnD keep\L6roPZ.x64.dll File not found
O2:64bit: - BHO: (YoutubeAdblocker) - {423A284C-120C-A709-784F-DEC29D3A0DDD} - C:\Program Files (x86)\YoutubeAdblocker\PDMND_m.x64.dll File not found
O2:64bit: - BHO: (SearchNewTab) - {93625CB0-137D-155C-A14B-7061D9F99A9F} - C:\Program Files (x86)\SearchNewTab\HPsPfg5Qt.x64.dll File not found
O3 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\Toolbar\WebBrowser: (no name) - {42435041-3300-A76A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-903125041-1404267061-2774934068-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Services
:Reg
:Files
C:\FRST
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
- Disable your antivirus program
- Click on "Run ESET Online Scanner" button.
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D37E3DE-35BB-A241-FEC5-F8485CC75DA4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D37E3DE-35BB-A241-FEC5-F8485CC75DA4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{337262F8-5207-1CF5-97A4-D89CAF8D9788}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{337262F8-5207-1CF5-97A4-D89CAF8D9788}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{423A284C-120C-A709-784F-DEC29D3A0DDD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423A284C-120C-A709-784F-DEC29D3A0DDD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93625CB0-137D-155C-A14B-7061D9F99A9F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93625CB0-137D-155C-A14B-7061D9F99A9F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42435041-3300-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42435041-3300-A76A-76A7-7A786E7484D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\Windows\Updreg.EXE moved successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hedev
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sean
->Temp folder emptied: 2225089 bytes
->Temporary Internet Files folder emptied: 60905069 bytes
->FireFox cache emptied: 374243290 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 20661 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1819 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55735637 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 471.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01062014_230037
Files\Folders moved on Reboot...
C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311121157}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D37E3DE-35BB-A241-FEC5-F8485CC75DA4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D37E3DE-35BB-A241-FEC5-F8485CC75DA4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{337262F8-5207-1CF5-97A4-D89CAF8D9788}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{337262F8-5207-1CF5-97A4-D89CAF8D9788}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{423A284C-120C-A709-784F-DEC29D3A0DDD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423A284C-120C-A709-784F-DEC29D3A0DDD}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93625CB0-137D-155C-A14B-7061D9F99A9F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93625CB0-137D-155C-A14B-7061D9F99A9F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42435041-3300-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42435041-3300-A76A-76A7-7A786E7484D7}\ not found.
Registry value HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\Windows\Updreg.EXE moved successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-903125041-1404267061-2774934068-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hedev
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sean
->Temp folder emptied: 2225089 bytes
->Temporary Internet Files folder emptied: 60905069 bytes
->FireFox cache emptied: 374243290 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 20661 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1819 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55735637 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 471.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01062014_230037
Files\Folders moved on Reboot...
C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 05-12-2013
Ran by Sean (administrator) on 06-01-2014 at 23:10:00
Running from "C:\Users\Sean\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Ran by Sean (administrator) on 06-01-2014 at 23:10:00
Running from "C:\Users\Sean\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
ESETScan:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir multiple threats deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\plugin@yontoo.com.xpi.vir Win32/Adware.Yontoo application deleted - quarantined
C:\Users\Sean\Desktop\Old Firefox Data\fmb849k2.default\Extensions\plugin@yontoo.com.xpi Win32/Adware.Yontoo application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir multiple threats deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\fmb849k2.default\Extensions\plugin@yontoo.com.xpi.vir Win32/Adware.Yontoo application deleted - quarantined
C:\Users\Sean\Desktop\Old Firefox Data\fmb849k2.default\Extensions\plugin@yontoo.com.xpi Win32/Adware.Yontoo application deleted - quarantined
Broni
Posts: 56,041 +516
Make sure you UN-check Yes, install McAfee Security Scan Plus
NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.
You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
======================================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now, we'll remove all tools, we used during our cleaning process
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
14. Please, let me know, how your computer is doing.
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hedev
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sean
->Temp folder emptied: 5480 bytes
->Temporary Internet Files folder emptied: 6182788 bytes
->FireFox cache emptied: 48598897 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 927 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4306 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 52.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01072014_191144
Files\Folders moved on Reboot...
C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hedev
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sean
->Temp folder emptied: 5480 bytes
->Temporary Internet Files folder emptied: 6182788 bytes
->FireFox cache emptied: 48598897 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 927 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4306 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 52.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: hedev
User: Public
User: Sean
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01072014_191144
Files\Folders moved on Reboot...
C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Similar threads
Latest posts
-
Amazon denies claims it started a business just to spy on rivals- midian182 replied
