http://www.search.ghribi.com/ REALLY bad news infection



#1
himagaintoo

Greetings from Downunder!
I have picked up this beastie while accessing Microsoft! I was on the IIS7 info page just prior and when I next restarted Firefox the default new Tab became the IIS7 giant logo but with http://www.search.ghribi.com/ as the location.

It appears to be a reasonably well-known problem, but so far all attempts to remove it have failed: Spybot, Malware, MSE.
System is progressively slowing down (as warned) and I cannot display my choice of screen Background - it flashes for about 1 second and vanishes.

I'm running OTL right now and it has been a loooong time. Not sure if it is running (due to the infection apparently controlling many aspects of its taken-over systems..!!..) so I'll post this and follow up again a.s.a.p. in case.

I did notice a "FIX" option on the OTL program, too??

T.I.A.

P.S. The OTL Just finished! Have attached!

OTL logfile created on: 1/30/2013 11:44:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\0 TOOLS -SYSTEM\VIRUS 2013
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.48 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 66.65% Memory free
6.96 Gb Paging File | 4.53 Gb Available in Paging File | 65.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 106.07 Gb Free Space | 47.07% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 173.78 Gb Free Space | 77.12% Space Free | Partition Type: NTFS

Computer Name: FABLOR-1 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 11:42:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\0 TOOLS -SYSTEM\VIRUS 2013\OTL.exe
PRC - [2013/01/26 10:51:55 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013/01/21 05:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/17 06:10:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/14 22:30:52 | 000,196,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
PRC - [2013/01/12 12:46:46 | 000,422,400 | ---- | M] (BigStretch) -- D:\Program Files\Monkeymatt\Big Stretch\bigstretch.exe
PRC - [2013/01/10 06:34:57 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2013/01/07 14:56:16 | 002,909,640 | ---- | M] (TechSmith Corporation) -- D:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2013/01/05 00:27:04 | 000,109,496 | ---- | M] (Glarysoft Ltd) -- D:\Program Files\Glary Utilities\memdefrag.exe
PRC - [2013/01/01 18:49:12 | 003,256,208 | ---- | M] (SoftPerfect Research) -- d:\Program Files\NetWorx\networx.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 02:20:38 | 000,025,048 | ---- | M] (Apache Software Foundation) -- d:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
PRC - [2012/12/13 02:20:38 | 000,025,048 | ---- | M] (Apache Software Foundation) -- D:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
PRC - [2012/12/13 02:20:36 | 000,047,064 | ---- | M] (Spiceworks, Inc.) -- d:\Program Files\Spiceworks\bin\spiceworks.exe
PRC - [2012/12/02 16:45:54 | 002,846,168 | ---- | M] (Mister Group) -- D:\Program Files\System Explorer\SystemExplorer.exe
PRC - [2012/11/25 05:13:10 | 000,567,256 | ---- | M] (Mister Group) -- d:\Program Files\System Explorer\service\SystemExplorerService.exe
PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/11/10 05:28:16 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/09/26 07:51:05 | 000,156,000 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2012/09/26 07:51:03 | 000,917,792 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\IntelAppStore\bin\AppUp.exe
PRC - [2012/09/20 06:00:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/13 17:16:04 | 000,516,153 | ---- | M] (Green Eclipse) -- D:\Program Files\StickyPad\StickyPad.exe
PRC - [2012/07/18 22:13:46 | 000,458,200 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\NaturallySpeaking12\dgnuiasvr.exe
PRC - [2012/07/18 22:07:38 | 004,990,936 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking12\Program\natspeak.exe
PRC - [2012/07/18 22:07:22 | 000,560,600 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\NaturallySpeaking12\Program\dnsspserver.exe
PRC - [2012/07/18 22:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2012/07/10 12:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- d:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/05/08 23:15:20 | 000,189,952 | ---- | M] (Monitis Inc.) -- D:\Program Files\Monitis.com\Monitis\Monitis.exe
PRC - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- d:\Program Files\WordWeb\wweb32.exe
PRC - [2012/03/29 07:34:00 | 000,075,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2012/03/19 21:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/22 10:07:58 | 000,019,456 | ---- | M] (Spacejock Software) -- D:\Program Files\RMP3\RMP3.exe
PRC - [2011/12/09 19:29:46 | 000,259,072 | ---- | M] () -- D:\Program Files\Zentimo\ZentimoService.exe
PRC - [2011/11/23 21:33:10 | 000,540,872 | ---- | M] (Murray Hurps Corp Pty Ltd) -- D:\Program Files\Ad Muncher\AdMunch.exe
PRC - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/12 23:11:34 | 002,068,856 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/10/12 23:11:32 | 001,446,264 | ---- | M] (Flexera Software LLC.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2011/10/07 19:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/28 05:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/05/12 17:18:24 | 002,705,672 | ---- | M] (Vladonai Software (http://www.vladonai.com)) -- D:\Program Files\AllMyNotes Organizer\AllMyNotes.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 08:44:44 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/26 17:38:44 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- D:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2010/12/26 17:38:44 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- d:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/11/20 22:17:51 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2010/09/01 18:04:12 | 005,517,312 | ---- | M] (ExtraSpy Software) -- D:\PROGRAMS\True Time Tracker\TTT.exe
PRC - [2010/04/10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010/03/02 21:44:03 | 000,091,520 | ---- | M] (Nektra S.A.) -- C:\Program Files\NXPowerLite\loadnxploeaddin.exe
PRC - [2010/01/19 12:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/14 17:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/11/04 14:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\owner\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/05/12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- d:\Program Files\Winstep\WsxService.exe
PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 19:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/04 16:26:16 | 000,028,672 | ---- | M] (AVEO) -- C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/06/02 09:10:08 | 003,126,784 | ---- | M] () -- D:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/26 10:51:54 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013/01/17 06:10:52 | 003,022,232 | ---- | M] () -- D:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/11 09:47:49 | 018,080,256 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll
MOD - [2013/01/11 09:47:30 | 001,085,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\edf6ed0d469ab0053a56ec64be932f7d\System.ServiceModel.Web.ni.dll
MOD - [2013/01/11 09:43:00 | 001,838,080 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7df66d988771b71b8c8dc097574b81c7\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/11 09:42:58 | 000,253,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\aa4c1cd22b6834272c61f5c89fd0f592\WindowsFormsIntegration.ni.dll
MOD - [2013/01/11 09:41:54 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9fe8c27f7d33440089db00fa170f95f9\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 09:41:50 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9253eb314ef2f5adada0d5fdf1d4a839\System.Transactions.ni.dll
MOD - [2013/01/11 09:41:49 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/01/11 09:41:48 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll
MOD - [2013/01/11 09:41:48 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/01/11 09:41:44 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/11 09:41:19 | 000,044,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\2be03dd49bc35a9286858479e0433449\Accessibility.ni.dll
MOD - [2013/01/11 09:39:29 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/10 21:50:38 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/10 21:49:39 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 21:39:13 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/10 21:39:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 21:37:50 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 21:37:37 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 21:37:35 | 001,806,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\43f1725719239288707661115956470e\System.Deployment.ni.dll
MOD - [2013/01/10 21:37:02 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 21:36:56 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 21:36:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 21:36:44 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/10 13:07:43 | 018,002,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll
MOD - [2013/01/10 13:07:29 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll
MOD - [2013/01/10 13:07:28 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\08fca556cf3fe582233fa080cdbec8f1\System.Windows.Forms.ni.dll
MOD - [2013/01/10 13:07:24 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll
MOD - [2013/01/10 13:07:14 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll
MOD - [2013/01/10 13:07:11 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/10 13:07:11 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/10 13:07:09 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 13:07:06 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll
MOD - [2013/01/10 13:07:03 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
MOD - [2013/01/10 13:07:01 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/10 13:06:55 | 000,145,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c41a7a0a68540e43d10389646e84e3d1\System.Numerics.ni.dll
MOD - [2013/01/10 13:06:52 | 014,413,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/09/26 07:51:07 | 000,062,464 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2012/09/26 07:51:06 | 000,400,384 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2012/09/26 07:51:06 | 000,062,976 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\osEvents.dll
MOD - [2012/09/26 07:51:05 | 000,322,048 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2012/09/26 07:51:05 | 000,195,584 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2012/09/26 07:51:05 | 000,064,512 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\ServiceManagerStarter.dll
MOD - [2012/09/26 07:51:05 | 000,020,480 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\eventsSender.dll
MOD - [2012/09/26 07:51:05 | 000,016,896 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\featureController.dll
MOD - [2012/09/26 07:51:03 | 000,446,976 | ---- | M] () -- D:\Program Files\Intel\IntelAppStore\bin\DeviceProfile.dll
MOD - [2012/07/15 12:27:53 | 002,216,480 | ---- | M] () -- C:\Windows\System32\wweb32.dll
MOD - [2012/07/15 12:25:02 | 000,022,800 | ---- | M] () -- d:\Program Files\WordWeb\WUCNT.dll
MOD - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- d:\Program Files\WordWeb\wweb32.exe
MOD - [2012/01/08 23:41:12 | 000,093,696 | ---- | M] () -- d:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/07 19:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/09/17 11:48:22 | 000,480,256 | ---- | M] () -- d:\Program Files\NetWorx\sqlite.dll
MOD - [2010/12/26 17:37:46 | 000,050,056 | ---- | M] () -- D:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2010/04/02 18:03:56 | 000,321,536 | ---- | M] () -- D:\PROGRAMS\True Time Tracker\sqlite36_engine.dll
MOD - [2009/08/29 16:00:12 | 000,966,656 | ---- | M] () -- C:\Users\owner\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/06/03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/27 16:38:22 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/10/20 15:28:44 | 000,045,056 | ---- | M] () -- C:\Program Files\USB2.0 PC Camera\AVEOCamSDK.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/03/04 10:48:16 | 000,106,496 | ---- | M] () -- D:\Program Files\RocketDock\Docklets\RocketClock\RocketClock.dll
MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006/06/02 09:10:08 | 003,126,784 | ---- | M] () -- D:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe
MOD - [2006/04/15 22:07:02 | 000,159,744 | ---- | M] () -- D:\Program Files\Zeallsoft\Super Screen Capture\zHook.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- D:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/01/26 10:51:55 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/17 06:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/14 22:30:52 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3)
SRV - [2013/01/10 06:34:57 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 02:20:36 | 000,047,064 | ---- | M] (Spiceworks, Inc.) [Auto | Running] -- d:\Program Files\Spiceworks\bin\spiceworks.exe -- (spiceworks)
SRV - [2012/11/25 05:13:10 | 000,567,256 | ---- | M] (Mister Group) [On_Demand | Running] -- d:\Program Files\System Explorer\service\SystemExplorerService.exe -- (SystemExplorerHelpService)
SRV - [2012/11/22 10:50:02 | 000,166,424 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/18 22:07:06 | 000,310,232 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2012/05/08 23:15:20 | 000,189,952 | ---- | M] (Monitis Inc.) [Auto | Running] -- D:\Program Files\Monitis.com\Monitis\Monitis.exe -- (Monitis Smart Agent)
SRV - [2012/04/19 22:15:48 | 000,561,624 | ---- | M] (Mister Group) [On_Demand | Stopped] -- d:\Program Files\System Security Guard\service\SSGService.exe -- (SSGHelpService)
SRV - [2012/03/29 07:34:00 | 000,075,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2012/03/19 21:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/12/09 19:29:46 | 000,259,072 | ---- | M] () [Auto | Running] -- D:\Program Files\Zentimo\ZentimoService.exe -- (ZentimoService)
SRV - [2011/10/15 18:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/28 05:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/02 01:07:26 | 002,141,944 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Syslog Watcher 4\SWService.exe -- (SWService)
SRV - [2010/12/26 17:38:44 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- d:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/16 16:56:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- d:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2009/03/05 19:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\dfg.sys -- (dfg)
DRV - [2013/01/30 11:23:42 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A5F8BE0-10A7-4111-880E-24AB9BA552D1}\MpKsl5e4884fd.sys -- (MpKsl5e4884fd)
DRV - [2013/01/10 06:34:57 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/01 09:51:32 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/01/01 08:49:12 | 000,020,712 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/26 16:34:28 | 000,052,728 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\networx.sys -- (networx)
DRV - [2012/10/11 13:08:10 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/10/11 13:08:08 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/09/07 18:38:28 | 000,116,056 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2012/09/07 18:38:28 | 000,104,792 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2012/09/07 18:38:26 | 000,158,552 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2012/09/07 18:38:26 | 000,091,992 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/06/05 16:33:00 | 000,082,776 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2012/05/04 06:22:22 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/03/20 15:47:52 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012/03/20 15:47:45 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012/03/20 15:47:45 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2012/03/03 09:14:26 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/03/02 13:14:50 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/02 16:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 16:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 16:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/05/10 15:41:36 | 000,058,872 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010/12/26 17:38:34 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2010/12/26 17:38:30 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2010/12/26 17:38:26 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2010/12/26 17:38:24 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/12/02 18:17:50 | 000,013,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2010/11/23 17:10:44 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/25 14:45:28 | 000,395,464 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/08/25 14:45:28 | 000,037,080 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/23 10:09:20 | 000,028,648 | ---- | M] (Wondershare Software Co.,Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MirDisk.sys -- (MirDisk)
DRV - [2010/06/23 10:09:12 | 000,033,896 | ---- | M] (Wondershare Software Co.,Ltd) [File_System | Boot | Running] -- C:\Windows\System32\drivers\HKDirFlt.sys -- (HKDirFlt)
DRV - [2010/03/15 11:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009/11/26 07:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/29 17:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/28 19:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 09:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/02 06:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2008/08/18 15:58:52 | 000,002,688 | ---- | M] () [Kernel | Auto | Running] -- D:\Program Files\AV WebCam Morpher\WebCamHelper.sys -- (WebCamHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...1-EF2CCCB87923}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...1-EF2CCCB87923}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...54-79A3E98E643A
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...SMSN_en___AU384
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...SN_enAU383AU384
IE - HKCU\..\SearchScopes\{8C72A0CD-8E44-4548-889F-6DB64E486507}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2013-01-10 06:35:15&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{CC1BD85A-E405-4D05-9AB1-D4739A2C63CD}: "URL" = http://au.search.yah...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: alertcheck%40mike.conley:1.1
FF - prefs.js..extensions.enabledAddons: dcct%40mingyi.org:0.27
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:10.2
FF - prefs.js..extensions.enabledAddons: firefox%40zemanta.com:1.0
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.2
FF - prefs.js..extensions.enabledAddons: gmailthis%40lazyrussian.com:2.3.0
FF - prefs.js..extensions.enabledAddons: helper%40savefrom.net:1.50
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.0
FF - prefs.js..extensions.enabledAddons: listit%40csail.mit.edu:0.5.0.2
FF - prefs.js..extensions.enabledAddons: memoryrestart%40teamextension.com:1.10
FF - prefs.js..extensions.enabledAddons: next%40scribefire.com:4.0
FF - prefs.js..extensions.enabledAddons: plugin%40apture.com:2.0.0
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:8.6
FF - prefs.js..extensions.enabledAddons: quoteurltext%40jay.palat:1.0.9b
FF - prefs.js..extensions.enabledAddons: sam%40samfind.com:2.2.6
FF - prefs.js..extensions.enabledAddons: securebrowsing%40m86security.com:3.504
FF - prefs.js..extensions.enabledAddons: seo-blogger%40wordtracker.com:1.0.8
FF - prefs.js..extensions.enabledAddons: tabutils%40ithinc.cn:1.1.5
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.2
FF - prefs.js..extensions.enabledAddons: twitternotifier%40naan.net:2.5.1
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: vsc%40briks.si:1.0.1
FF - prefs.js..extensions.enabledAddons: wisestamp%40wisestamp.com:3.11.21
FF - prefs.js..extensions.enabledAddons: %7B0a8596ce-feaa-3b01-e8b5-2972cc764d80%7D:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B1a0c9ebe-ddf9-4b76-b8a3-675c77874d37%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.1.3.1
FF - prefs.js..extensions.enabledAddons: %7B1f91cde0-c040-11da-a94d-0800200c9a66%7D:12
FF - prefs.js..extensions.enabledAddons: %7B239cc760-75a9-4276-b1fc-c0ceb963f373%7D:1.1.7
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B4aebcd37-f454-4928-9233-174a026ed367%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B5C46D283-ABDE-4dce-B83C-08881401921C%7D:2.1.8.1
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.5.4
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10
FF - prefs.js..extensions.enabledAddons: %7B8f5ce3f8-1735-4680-b15e-108f2f50e8ba%7D:3.0.0
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.1
FF - prefs.js..extensions.enabledAddons: %7BAFF0F480-EDE7-11DB-8BB2-438255D89593%7D:1.4.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.1
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bd9284e50-81fc-11da-a72b-0800200c9a66%7D:7.7.10
FF - prefs.js..extensions.enabledAddons: %7BDA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B%7D:1.2.337.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.6
FF - prefs.js..extensions.enabledAddons: %7Bf69e22c7-bc50-414a-9269-0f5c344cd94c%7D:6.1
FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.5
FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B3ED591BC-7CC7-495B-A526-B2431356EDC1%7D:2.0
FF - prefs.js..extensions.enabledAddons: wcapturex%40deskperience.com:5.0.4406
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44026
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.20091223
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba}:3.0.0
FF - prefs.js..extensions.enabledItems: feedly@devhd:5.4
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}:1.2.310
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AFF0F480-EDE7-11DB-8BB2-438255D89593}:1.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0
FF - prefs.js..extensions.enabledItems: {0a8596ce-feaa-3b01-e8b5-2972cc764d80}:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.9b
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..extensions.enabledItems: {8e175e4c-dec2-4917-bd9a-d75e7cb33d61}:3.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.3.05
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll (VideoDownloadConverter)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: d:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\LibreOffice 3.4\program File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: D:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: d:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/02/22 08:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: d:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2011/11/24 04:09:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/10 05:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: d:\Program Files\WordWeb\WCaptureMoz [2012/08/15 07:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 21:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/10 05:28:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/06 19:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2013/01/11 07:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: d:\Program Files\VDownloader\Addons\FireFox [2013/01/16 06:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/18 14:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 15:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2013/01/19 07:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: d:\Program Files\Mozilla Thunderbird\components [2013/01/30 09:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: d:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: d:\Program Files\Ad Muncher\FirefoxExtension_2.0 [2011/11/24 04:09:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: d:\Program Files\CaptureSaverfree\Firefox [2012/12/09 08:27:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/18 14:12:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 15:29:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2013/01/30 09:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins

[2011/06/27 07:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/06/30 21:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/27 07:24:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/23 06:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\03eyoavo.SAFE\extensions
[2013/01/21 11:51:25 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\03eyoavo.SAFE\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2013/01/04 06:56:52 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\03eyoavo.SAFE\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/01/08 20:18:38 | 000,000,000 | ---D | M] (Fire IE) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/26 11:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\3zgzbpyd.NOTHING\extensions
[2013/01/23 17:27:28 | 000,000,000 | ---D | M] (TextMarker!) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\3zgzbpyd.NOTHING\extensions\{1c530060-b0ae-11d9-9669-0800200c9a66}
[2012/12/25 22:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions
[2012/09/19 06:41:56 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012/09/24 08:36:27 | 000,000,000 | ---D | M] (Facebook Share Button) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}
[2012/12/19 13:19:07 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012/10/29 17:54:51 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/04 19:10:32 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/08/20 13:32:09 | 000,000,000 | ---D | M] (Image Lookup) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\jid0-KYedxzPo61jJx1uAL6vdRXFUFcs@jetpack
[2012/12/19 13:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions
[2010/06/18 10:34:44 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/11/20 10:38:39 | 000,000,000 | ---D | M] (FIRe-text) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{0a8596ce-feaa-3b01-e8b5-2972cc764d80}
[2012/09/25 06:35:14 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/01/01 07:42:04 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/01/07 09:49:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/09/25 06:35:15 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/06/12 16:13:40 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2012/09/25 06:35:18 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2010/10/21 10:10:10 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/11/13 08:19:04 | 000,000,000 | ---D | M] (Clip Extractor DB Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/02/01 16:45:50 | 000,000,000 | ---D | M] (Amplify) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
[2012/09/25 06:35:18 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/03/30 16:41:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/13 09:06:45 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2011/12/24 21:54:10 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/09/25 06:35:19 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/09/25 06:35:35 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/12/19 13:18:57 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012/09/25 06:35:38 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2010/12/09 15:25:46 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/06/18 10:34:44 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2012/09/25 06:29:04 | 000,000,000 | ---D | M] (wxDownload) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2010/11/20 10:38:39 | 000,000,000 | ---D | M] (Browser Turns Editor) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/01/06 12:22:09 | 000,000,000 | ---D | M] (Springpad Extension) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/02/10 05:56:34 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2010/06/18 10:34:44 | 000,000,000 | ---D | M] (Reframe It) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2011/03/04 20:29:04 | 000,000,000 | ---D | M] (QuoteURLText) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:12 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:13 | 000,000,000 | ---D | M] (M86Security Secure Browsing) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2011/06/10 07:38:35 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:14 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2011/01/15 14:45:29 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\[email protected]
[2012/12/27 17:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions
[2012/12/09 09:30:28 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/12/13 13:08:42 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012/12/19 13:19:10 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012/12/09 09:30:28 | 000,000,000 | ---D | M] (Easy Copy) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:17:13 | 000,000,000 | ---D | M] (Copy PlusPlus) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\jid0-s5PCTtpvBvIHxfBGJpKz5iCefO8@jetpack
[2012/12/19 13:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions
[2012/05/07 12:32:23 | 000,000,000 | ---D | M] (Reader) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}
[2012/06/13 06:18:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/06/24 13:49:13 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012/04/23 16:29:50 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/05/14 14:53:40 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2012/07/19 09:25:24 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
[2012/12/19 13:18:59 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012/06/13 16:51:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/04/20 14:24:13 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2013/01/08 20:18:38 | 000,161,958 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/05 17:16:33 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/05 08:42:16 | 000,052,154 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/05 17:22:48 | 000,023,073 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/09 07:21:27 | 000,141,440 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/04 06:48:37 | 000,167,640 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/04 07:52:15 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/23 06:31:08 | 000,066,400 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/04 06:56:52 | 000,012,071 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/06 19:31:41 | 001,598,107 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/05 17:22:48 | 000,056,364 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\[email protected]
[2013/01/05 17:23:17 | 000,122,054 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi
[2013/01/08 20:18:37 | 000,188,112 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.xpi
[2013/01/06 17:04:32 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/01/05 17:16:33 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\03eyoavo.SAFE\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2013/01/23 17:27:28 | 000,020,595 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2013/01/23 17:27:28 | 000,063,927 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2013/01/23 18:52:54 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2013/01/23 17:27:28 | 000,012,071 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2013/01/23 17:23:08 | 000,002,474 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2013/01/26 11:17:53 | 000,011,098 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2013/01/23 17:27:28 | 000,090,868 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\3zgzbpyd.NOTHING\extensions\[email protected]
[2012/11/03 13:21:19 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/21 11:10:51 | 000,084,037 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/21 11:10:51 | 000,063,927 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/09 13:30:17 | 000,161,226 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/12/08 06:07:53 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/18 18:01:19 | 000,060,749 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/08/15 11:27:33 | 000,012,071 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/21 11:10:51 | 000,074,993 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/08/20 13:35:48 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/12/25 22:35:34 | 000,051,527 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\[email protected]
[2012/09/04 15:54:58 | 000,011,166 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\{2de9b308-a84e-45ee-82e7-b48e5fe44258}.xpi
[2012/10/22 05:39:48 | 000,039,512 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2012/09/21 11:10:51 | 000,009,208 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\{c71ff04d-f001-1fc1-1fc1-c71ff04df007}.xpi
[2012/12/08 07:07:07 | 000,020,709 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\8b1llx4h.lightning cutdown\extensions\{cb60560d-4cdd-47ED-b4ba-54e403a0a82c}.xpi
[2011/03/31 09:52:50 | 000,004,953 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/03/14 05:09:38 | 000,028,980 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:06 | 000,637,327 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:06 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:06 | 000,063,927 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/01/14 12:53:17 | 002,337,376 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/01/14 12:53:36 | 002,338,019 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2011/08/05 12:05:49 | 000,052,154 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:10 | 000,081,602 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:10 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:34:07 | 000,521,783 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:34:24 | 000,969,518 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2011/08/05 12:05:49 | 001,085,841 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:10 | 000,046,260 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/01/20 16:05:43 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:34:03 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2011/07/06 06:58:30 | 000,009,339 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:10 | 000,087,157 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/01/20 16:05:43 | 000,074,993 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:13 | 000,097,710 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:13 | 000,056,403 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2011/09/15 13:58:45 | 000,021,592 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:35:14 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\[email protected]
[2012/09/25 06:34:03 | 000,084,654 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2011/10/14 13:04:49 | 000,158,182 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}.xpi
[2012/09/25 06:35:15 | 000,150,579 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi
[2011/12/26 16:16:21 | 000,148,137 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
[2012/01/23 12:24:58 | 000,066,343 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{4aebcd37-f454-4928-9233-174a026ed367}.xpi
[2012/09/25 06:35:18 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2012/02/06 04:23:08 | 000,233,876 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/09/25 06:35:18 | 000,276,167 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/09/25 06:35:18 | 000,527,931 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011/08/24 13:54:21 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012/09/25 06:35:18 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2011/09/19 10:48:23 | 000,188,313 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{AFF0F480-EDE7-11DB-8BB2-438255D89593}.xpi
[2012/09/25 06:35:18 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/09/25 06:35:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/23 10:09:23 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/06/28 15:48:29 | 000,088,908 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2011/10/31 10:57:02 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/03/15 08:45:45 | 002,935,635 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
[2011/12/28 06:25:06 | 000,098,637 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{DA1B0AB5-7DD3-4066-BC2A-64AABBDD0A8B}.xpi
[2012/09/25 06:35:18 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/09/25 06:35:19 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011/04/04 20:53:57 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2012/08/10 23:32:56 | 000,000,822 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\xpi-details.xsl
[2012/12/27 17:36:09 | 000,017,170 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/27 17:36:09 | 000,059,702 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/27 17:36:09 | 000,425,017 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:30:28 | 000,161,958 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/14 06:59:06 | 000,637,327 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:30:28 | 000,063,927 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/11 11:51:36 | 000,031,371 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/14 19:19:08 | 000,010,955 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:04:43 | 000,132,573 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:30:28 | 000,029,026 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]_easiestyoutube.xpi
[2012/12/10 09:45:34 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/14 06:59:06 | 000,066,391 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:30:28 | 000,019,486 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/09 09:30:28 | 000,012,071 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/14 06:59:06 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/14 06:59:06 | 000,169,939 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\[email protected]
[2012/12/13 13:08:43 | 000,010,944 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{09e4684b-dcac-4608-8b7d-58bef11fc323}.xpi
[2012/12/09 09:30:28 | 000,008,104 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{0a566650-a8e0-11e0-8264-0800200c9a66}.xpi
[2012/12/09 09:30:28 | 000,007,433 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{3869b071-0fae-4c75-948a-60d9c56ea02b}.xpi
[2012/12/09 09:30:28 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/12/10 05:27:38 | 000,015,585 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{70ded480-0a45-4099-84d1-65aa1cb1575e}.xpi
[2012/12/09 09:30:28 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012/12/09 09:30:28 | 000,008,019 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{BEDA64CB-23A4-4672-8906-B92E5B48E67E}.xpi
[2012/12/09 09:30:28 | 000,070,081 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2012/12/10 05:27:38 | 000,068,771 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{D0AD45D6-8518-11DF-8AD2-3F67DFD72085}.xpi
[2012/12/27 17:36:09 | 000,012,601 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{daf2d9a0-e51c-46f8-8674-2e99755749ad}.xpi
[2012/12/18 06:06:31 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/12/14 06:59:06 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2012/12/09 09:30:28 | 000,024,671 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kj67jihf.default-1355003050493\extensions\{F56DD57A-6C9A-11DF-A760-371BDFD72085}.xpi
[2012/04/20 14:12:04 | 000,015,164 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/04/20 14:24:10 | 000,200,471 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/04/20 14:24:10 | 000,063,927 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/07/09 16:45:22 | 000,020,240 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/07/05 16:11:02 | 000,087,157 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/04/21 06:10:29 | 000,012,071 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/04/20 14:18:25 | 000,015,719 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/07/09 16:45:22 | 000,643,030 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/04/20 14:24:13 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/05/22 14:31:59 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\[email protected]
[2012/06/27 07:22:56 | 000,339,843 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/07/09 16:45:22 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/07/12 06:39:51 | 000,525,390 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/04/20 14:24:14 | 000,008,640 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi
[2012/07/13 06:30:28 | 000,061,228 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/06/17 12:03:07 | 000,413,408 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/04/20 14:24:14 | 000,254,273 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2012/05/12 19:23:17 | 000,709,293 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/05/17 12:16:48 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/04/20 14:24:14 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\pcygg60b.0-fastfox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2010/11/24 12:31:40 | 000,002,569 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\askcom.xml
[2012/09/25 06:31:53 | 000,004,159 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\blekko.xml
[2011/03/31 12:04:33 | 000,002,246 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\google--nibbo.xml
[2012/09/25 06:31:52 | 000,000,870 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\robtex.xml
[2010/08/04 15:58:58 | 000,001,549 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\scroogle-ssl-search.xml
[2010/11/13 09:43:04 | 000,002,384 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\search.xml
[2010/08/04 15:58:10 | 000,001,855 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\searchalot.xml
[2012/12/19 13:18:05 | 000,002,687 | ---- | M] () -- C:\Users\owner\AppData\Roaming\mozilla\firefox\profiles\kcyd6e5u.default\searchplugins\Search_Results.xml
[2012/03/17 13:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/24 04:09:52 | 000,000,000 | ---D | M] (Ad Muncher Browser Extensions) -- D:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0
[2012/08/15 07:03:21 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- D:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
[2012/12/18 14:12:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2000/01/01 03:00:00 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/11/10 05:28:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/07/01 04:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2013/01/11 07:28:30 | 000,003,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/12/18 14:12:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/22 10:11:34 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/12/19 13:18:05 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/12/18 14:12:32 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://mail.google.com/mail/#inbox
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://mail.google.com/mail/#inbox
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_1\plugins/screen_capture.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: Chrome Toolbox Plugin (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\plugin/convenience.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\plugin/blackfishietab.dll
CHR - plugin: ProductName (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\plugin/NPIETab.dll
CHR - plugin: LightshotPlugin (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\3.0.0_0\npLightshot.dll
CHR - plugin: FireShot Chrome Plugin (Enabled) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg\0.98.16_0\plugin/npfireshot.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Disabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: MyWebFace Installer Plugin Stub (Enabled) = C:\Program Files\MyWebFace_5aEI\Installr\1.bin\NP5aEISB.dll
CHR - plugin: Dragon NaturallySpeaking Rich Internet Application Support (Enabled) = C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = D:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = D:\Program Files\Nitro PDF\Reader\npnitromozilla.dll
CHR - plugin: VLC Web Plugin (Enabled) = d:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.7_0\
CHR - Extension: ChromeAccess = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh\1.6_0\
CHR - Extension: Amazebuy Air = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjikdcgahlgdeeolhphadjdkfcdhjlg\1.1_0\
CHR - Extension: Ancient History Encyclopedia = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.3_0\
CHR - Extension: Bounce = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajobbpobbpkfjhmofmglncdlcdloblli\0.0.0.4_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: Save this page with CleanSave = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammcjklapijbkcphjgmkmefhmheapjoa\4.5.3_0\
CHR - Extension: Ezy Apps = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\andbcllhihbcejpaeidmjaddnokkaplk\1.3.1_0\
CHR - Extension: Listhings = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aooobeadnfddkmlcfcmjhjldpbefmnjf\2.1_0\
CHR - Extension: Session Manager = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: Turn Off the Lights = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.22_0\
CHR - Extension: Zoho Assist = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgikopmemebmoikndmhapkhaaboapige\1.5.5_0\
CHR - Extension: Zoho Creator = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnodiipmoippogmkhfnbfpjandllmmb\1.1_0\
CHR - Extension: Auto Copy = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bijpdibkloghppkbmhcklkogpjaenfkg\2.1.1_0\
CHR - Extension: Vuru = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjkomipldgcookljbkgffaegdaaohllb\2.0_0\
CHR - Extension: Web2PDFConverter = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk\2.4.4_0\
CHR - Extension: Open Attribute Picture Augment = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpbdominokioiebhhodcdejjcofbejl\0.1_0\
CHR - Extension: Minimalist for Everything [Beta] = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek\0.5.20_0\
CHR - Extension: Radio Player Live = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle\2.1.7_0\
CHR - Extension: Webmail Ad Blocker = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\3.2_0\
CHR - Extension: Adblock Plus = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Scroll To Top Button = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp\6.1.9_0\
CHR - Extension: Webpage & WebCam Screenshot = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.7.3_0\
CHR - Extension: Alexa Traffic Rank = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_1\
CHR - Extension: Tab Position Customizer = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldflinjcjehpjddjkohganfpjlnbpem\2.8.2_0\
CHR - Extension: wxDownload = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhbokpcahkpekhgejajhhhmpjnijdhe\4_0\
CHR - Extension: Weebly - Website Builder = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb\1.0.4_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\
CHR - Extension: BuiltWith Technology Profiler = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn\1.6_0\
CHR - Extension: Flag for Chrome = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.4.1_0\
CHR - Extension: Spreaker = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddafmpeeklkcphjibilbjpcilfomdlic\1.4_0\
CHR - Extension: Speed Dial = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0\
CHR - Extension: Lookup Companion for Wikipedia = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej\1.8.3_0\
CHR - Extension: Al Jazeera English = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmhidcnieiplicmhimkbfpiledfbdodo\1.3.2_0\
CHR - Extension: Beautiful QR Code generator = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkmjofjfechnmgaedinbgnkdgpodncf\1.0_0\
CHR - Extension: Email Game = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge\0.2_0\
CHR - Extension: Zoho Invoice = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj\1.1_0\
CHR - Extension: Desk.com - Customer Support Software = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eifkhmmfofnajlcjkncefghbihiiiecd\0.3_0\
CHR - Extension: Gmail Offline = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: KJV Simple Search Parallel Bible = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\embnbahdeijcjiennibceicifjaeibph\1.3_0\
CHR - Extension: TidyRead = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\emihmdgocahignhmlajgccbiaacoddej\1.4_0\
CHR - Extension: DoNotTrackMe = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.5.1209_0\
CHR - Extension: PanicButton = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: SurveyLegend = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\feioaojgjeanejmfdhchmapnamcgffnf\1.0.9.9_0\
CHR - Extension: Related Content by Zemanta = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejeknoakjeblidffkajbioncodnmhge\2.2.1_0\
CHR - Extension: Zoho Challenge = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhhocmbnjeoanablajdiljlimabijinc\1.1_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: Print this page with CleanPrint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.5.0_0\
CHR - Extension: Grimdi Animator = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkojlkbedcenfecoecpbemjpjonboaal\1.2_0\
CHR - Extension: WebMoney Advisor = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclcmokkcfnjpghegbnebiokigholeli\2.3.5_0\
CHR - Extension: The QR Code Generator = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: Taskforce = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc\1.5_0\
CHR - Extension: CircleCount.com = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfehmiknpngmjkhiieampgfppicbncid\2.0_0\
CHR - Extension: Share on Google Plus = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkobenbpcjmmejiokpopekegkpogbdn\1.9_0\
CHR - Extension: Certified Screenshot = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidbebhhkamojdpahpgmliaddcplobdn\0.4.0_0\
CHR - Extension: Certified Screenshot = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidbebhhkamojdpahpgmliaddcplobdn\0.4.0_0\.rej
CHR - Extension: AdBlock = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Yesware = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjnkapjmjfpipfcccnjbjcbgdnahpjp\1.70_0\
CHR - Extension: Acupoints = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\glnghjdmpccckjmannckgnilnbgfdllm\1.0.2_0\
CHR - Extension: DocuSign = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblijolcnempeilmnkmfbhohlpngemd\2.1.0.0_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Dropbox = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgpbkagmklnpnondomkicjgonpfomdi\1.2_0\
CHR - Extension: LastPass = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.14_0\
CHR - Extension: IE Tab = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
CHR - Extension: IssueBurner = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfedleddhfahcobdlpcnlgkccgapmhmj\1.42_0\
CHR - Extension: News.com.au = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfgmndeolbjlbnbcnhejnfbdcocfadc\1.0.0_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Rapportive = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.4.1_0\
CHR - Extension: Simple Highlighter = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\2.1.6.8_0\
CHR - Extension: Eye Dropper = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: goo.gl URL Shortener = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: Resolution Test = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\
CHR - Extension: SnapPages = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iedpncdncgcneohjpggphlkhjofphgkf\1.0.1_0\
CHR - Extension: AutoPagerize = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp\0.3.5_0\
CHR - Extension: MindiT = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihemajldghjgjkkdcnbmlednbmjpddjl\1.0.6_0\
CHR - Extension: BookedIN = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iheobladblmphoggmehhahdfikpbilnj\1.0.16_0\
CHR - Extension: Clearly = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\8.3354.571.444_0\
CHR - Extension: Lois TTS US English = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcabofbhfighebggomnamjankeaplmhn\1.4_0\
CHR - Extension: Disconnect = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\4.1.1_0\
CHR - Extension: Downloads = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Zoomy = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfonhdeiaaflpgphemdgfkjimojblie\0.6.2_0\
CHR - Extension: Zoho Mail = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjemfhbmnkbapnnmiadkbiaokccjnhge\1.1_0\
CHR - Extension: Vimeo Video Downloader = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjieadomkepcfnndlnkmmcehlghbafmk\3.0.1.3_0\
CHR - Extension: Extensity = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg\0.1.6_0\
CHR - Extension: Universo = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\joamekpghmpmbpcjjfpmfjhenhpidmep\1.2_0\
CHR - Extension: Coordinates = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kahliknbfelbmndacbdademgailcockh\0.0.0.1_0\
CHR - Extension: VideoReady = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfipmmlofadnnfphnofikbmhjicbkeno\1_0\
CHR - Extension: eBay Extension for Google Chrome\u2122 (by eBay) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.6.7_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.3.2_0\
CHR - Extension: Polldaddy = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfkkogkjicjpbkfcnhfdjfmmcpihajo\1_0\
CHR - Extension: Wave Accounting = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.5_0\
CHR - Extension: MegaUpload DownloadHelper = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekjckogogidfhpejjmaaekecplpdcg\1.2_0\
CHR - Extension: Webcam Toy = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.4_0\
CHR - Extension: Oweb Voice Input = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lffebcpgjecadnkcmdcgklbnphfdjbck\29_0\
CHR - Extension: Simplebooklet = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhnhfkmicpmbafobnpegjhaihjinph\6.0_0\
CHR - Extension: Google Maps = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Clickable Links = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp\1.1.6_0\
CHR - Extension: Lightshot (screenshot tool) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\3.0.2_0\
CHR - Extension: Capture Webpage Screenshot - FireShot = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg\0.98.27_0\
CHR - Extension: Download Master = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\2.0.2.0_0\
CHR - Extension: Explain and Send Screenshots = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\6.3_0\
CHR - Extension: Awesome New Tab Page = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.147.2.0_0\
CHR - Extension: IE Tab Classic = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
CHR - Extension: Dragon NaturallySpeaking Rich Internet Application Support = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn\1.0_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.1_0\
CHR - Extension: Incredible StartPage - Productive Start Page for Chrome! = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh\1.6.2_0\
CHR - Extension: Essay Bank = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcmllgojobhgfbofffaenlfgpifegg\3_0\
CHR - Extension: Springpad Extension = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhgeimnepehieioinbhmfpphfoocmng\2.5.1109.21_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Zoho Reports = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhkiaiikklhjkbgopajnacalammmkbi\1.1_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Neat Bookmarks = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.8.30_0\
CHR - Extension: Quizazz = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofgahliiahlaffidbbbhnhoipbihfdh\1_0\
CHR - Extension: QR URL = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppbdeifhmhjlahlcplebmeklianffba\1.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: SEO for Chrome = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Better History = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.9.37_0\
CHR - Extension: AutoZoom = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch\0.9.8_0\
CHR - Extension: Extended Share for Google Plus = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oenpjldbckebacipkfbcoppmiflglnib\4.0.2_0\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\11_0\
CHR - Extension: Vyew = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogcldakngnllchlnncngiailfhidjjdp\4.11.0_0\
CHR - Extension: dotEPUB = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm\1.0.0_0\
CHR - Extension: SlideRocket = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: WiseStamp - Email Signatures for GMail, Google Apps and more = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.13.0.0_0\
CHR - Extension: SpeakIt! = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak\0.2.5_0\
CHR - Extension: Psykopaint = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.13_0\
CHR - Extension: Gmail = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Publish5 - DIY Mobile App Creator = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljongdhniobjippcfefmkjnjkcbflfl\2.0_0\
CHR - Extension: iReader = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0\

O1 HOSTS File: ([2013/01/30 10:52:05 | 000,445,399 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15295 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files\Nuance\NaturallySpeaking12\Program\ieshim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (GretechBHO Class) - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files\GRETECH\GomPicker\GomPickerBHO1.dll (Gretech Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Clip Extractor DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Clip Extractor DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - d:\Program Files\CaptureSaverfree\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - d:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Clip Extractor DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Clip Extractor DB Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Ad Muncher] d:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BootNaMir] D:\Program Files\Wondershare\Time Freeze\BootSP.exe (Wondershare Software Co.,Ltd)
O4 - HKLM..\Run: [CamAppSTI.exe] C:\Program Files\USB2.0 PC Camera\CamAppSTI.exe (AVEO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [EaseUs Watch] d:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Everything] d:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nxpOEAPI] C:\Program Files\NXPowerLite\loadnxploeaddin.exe (Nektra S.A.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] C:\Program Files\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
O4 - HKLM..\Run: [Super Screen Capture] d:\Program Files\Zeallsoft\Super Screen Capture\SSCapture.exe ()
O4 - HKLM..\Run: [TkBellExe] d:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VDownloader] d:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKCU..\Run: [AllMyNotes] D:\Program Files\AllMyNotes Organizer\AllMyNotes.exe (Vladonai Software (http://www.vladonai.com))
O4 - HKCU..\Run: [F.lux] C:\Users\owner\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [FileHippo.com] d:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [FreeDesktopTimer] File not found
O4 - HKCU..\Run: [Glary Memory Optimizer] D:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [Jing] D:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [PTT] d:\Programs\True Time Tracker\ttt.exe (ExtraSpy Software)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Sticky Pad] D:\Program Files\StickyPad\StickyPad.exe (Green Eclipse)
O4 - HKCU..\Run: [SystemExplorerAutoStart] d:\Program Files\System Explorer\SystemExplorer.exe (Mister Group)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking12\Program\natspeak.exe (Nuance Communications, Inc.)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O8 - Extra context menu item: Add to CaptureSaver - d:\Program Files\CaptureSaver\\AddFromIE.htm File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher...d=menu_ie_frame File not found
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher...d=menu_ie_image File not found
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher...id=menu_ie_link File not found
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher...menu_ie_exclude File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher...=menu_ie_report File not found
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - d:\Program Files\CaptureSaverfree\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2B89A9-3AAA-43E9-B525-9447604DB692}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - D:\Program Files\System Explorer\SystemExplorer.exe (Mister Group)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (NaBootMir)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 09:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\spybot
[2013/01/30 09:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\VideoDownloadConverter_4zEI
[2013/01/29 13:47:19 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spiceworks
[2013/01/27 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2013/01/27 20:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/27 20:24:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/01/27 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ParetoLogic
[2013/01/27 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DriverCure
[2013/01/27 19:04:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013/01/27 19:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013/01/27 19:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/01/26 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Nitro
[2013/01/26 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FileOpen
[2013/01/26 11:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/01/26 11:11:40 | 000,027,152 | ---- | C] (Nitro PDF Software) -- C:\windows\System32\nitrolocalmon2.dll
[2013/01/26 11:11:40 | 000,018,448 | ---- | C] (Nitro PDF Software) -- C:\windows\System32\nitrolocalui2.dll
[2013/01/26 11:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro
[2013/01/26 11:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013/01/26 11:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/01/26 09:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyPC Client
[2013/01/26 09:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\AnyPC Client
[2013/01/26 09:04:43 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2013/01/26 08:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2013/01/23 13:11:40 | 000,000,000 | -H-D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2013/01/22 17:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Desktop Timer
[2013/01/22 17:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jegas
[2013/01/21 14:57:51 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\DonationCoder
[2013/01/21 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\DonationCoder
[2013/01/21 14:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor
[2013/01/21 14:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2013/01/21 14:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZeallSoft
[2013/01/21 14:14:23 | 001,628,358 | ---- | C] (ZeallSoft, Inc. ) -- C:\Users\owner\Desktop\fscsetup.exe
[2013/01/21 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\BigStretch
[2013/01/21 13:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reminder
[2013/01/21 13:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alarm
[2013/01/21 11:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\Skillbrains
[2013/01/21 11:53:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
[2013/01/21 11:53:23 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Skillbrains
[2013/01/16 06:51:22 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\VDownloader
[2013/01/16 06:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013/01/16 06:51:02 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\VDownloader
[2013/01/16 06:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
[2013/01/14 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\FreeFileViewer
[2013/01/14 05:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/01/14 05:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2013/01/14 05:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/12 17:41:05 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{6DA2AAD0-133E-4B97-883B-56855F5ABDF5}
[2013/01/12 15:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/10 06:35:37 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\AVG Secure Search
[2013/01/10 06:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/01/10 06:35:13 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2013/01/10 06:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/01/10 06:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013/01/09 08:23:35 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{CCFECB87-47BC-41C3-BF02-B64CC2803179}
[2013/01/08 17:26:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\{84EF46A4-628B-4EAB-97C2-F07F81CEC359}
[2013/01/07 08:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 4
[2013/01/04 08:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Current Worldwide LLC
[2013/01/04 08:36:25 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Box
[2013/01/02 05:43:41 | 000,052,728 | ---- | C] (NetFilterSDK.com) -- C:\windows\System32\drivers\networx.sys
[2013/01/01 09:51:32 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\windows\System32\drivers\DrvAgent32.sys
[2013/01/01 09:51:32 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\eSupport.com
[2013/01/01 09:15:01 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SystemSecurityGuard
[2013/01/01 09:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Security Guard
[2013/01/01 08:58:30 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Uniblue
[2013/01/01 08:49:12 | 000,020,712 | ---- | C] (REALiX™) -- C:\windows\System32\drivers\HWiNFO32.SYS
[2010/06/28 11:53:28 | 003,782,822 | ---- | C] (DownloadHelper ) -- C:\Users\owner\ConvertHelperSetup.exe
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 11:45:00 | 000,000,376 | ---- | M] () -- C:\windows\tasks\update-S-1-5-21-1960565919-1517230369-2150278066-1000.job
[2013/01/30 11:37:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1960565919-1517230369-2150278066-1000UA.job
[2013/01/30 11:35:22 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 11:35:22 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 11:30:59 | 000,000,312 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013/01/30 11:28:08 | 000,140,080 | ---- | M] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-30 [3].ddb
[2013/01/30 11:26:28 | 000,000,378 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/30 11:24:11 | 000,000,374 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2013/01/30 11:23:12 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 11:23:12 | 000,000,470 | ---- | M] () -- C:\windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/01/30 11:23:11 | 000,000,346 | -H-- | M] () -- C:\windows\tasks\WxDFastUpdaterTask{5685D2BB-B0F2-4199-9339-33E4AA6C6C57}.job
[2013/01/30 11:23:10 | 000,000,328 | ---- | M] () -- C:\windows\tasks\DriverScanner.job
[2013/01/30 11:22:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/30 11:22:30 | 3738,816,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/30 11:20:27 | 000,140,080 | ---- | M] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb
[2013/01/30 11:12:00 | 000,000,376 | ---- | M] () -- C:\windows\tasks\update-sys.job
[2013/01/30 11:09:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 11:05:02 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 10:52:05 | 000,445,399 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/01/30 10:12:40 | 000,445,399 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20130130-105205.backup
[2013/01/30 09:52:25 | 000,000,938 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2013/01/30 09:52:25 | 000,000,938 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/30 09:29:22 | 000,140,080 | ---- | M] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-30 [2].ddb
[2013/01/30 08:59:43 | 000,140,080 | ---- | M] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-30.ddb
[2013/01/30 08:53:24 | 000,000,444 | ---- | M] () -- C:\windows\tasks\ParetoLogic Registration3.job
[2013/01/30 05:32:37 | 000,000,386 | ---- | M] () -- C:\windows\tasks\RegCure Pro.job
[2013/01/29 21:42:54 | 000,000,761 | ---- | M] () -- C:\Users\owner\Desktop\Spiceworks Desktop.lnk
[2013/01/29 09:29:39 | 000,140,080 | ---- | M] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-29.ddb
[2013/01/28 18:06:35 | 000,140,080 | ---- | M] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-28.ddb
[2013/01/28 07:13:40 | 000,001,049 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/27 21:08:54 | 000,000,418 | ---- | M] () -- C:\windows\tasks\ParetoLogic Update Version3.job
[2013/01/27 20:24:22 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 19:04:13 | 000,000,870 | ---- | M] () -- C:\Users\owner\Desktop\RegCure Pro.lnk
[2013/01/27 06:37:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1960565919-1517230369-2150278066-1000Core.job
[2013/01/26 16:14:49 | 000,192,104 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/26 11:11:36 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013/01/26 10:24:38 | 000,001,079 | ---- | M] () -- C:\Users\owner\Desktop\CyberLink YouCam.lnk
[2013/01/26 10:15:29 | 000,002,050 | ---- | M] () -- C:\windows\HotFixList.ini
[2013/01/26 09:54:56 | 000,001,646 | ---- | M] () -- C:\Users\Public\Desktop\AnyPC.lnk
[2013/01/26 09:49:57 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\User Guide.lnk
[2013/01/26 09:44:15 | 000,345,600 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\windows\SetLCDStretchMode.exe
[2013/01/26 09:43:49 | 000,406,528 | ---- | M] (Samsung Electronics) -- C:\windows\HotfixChecker.exe
[2013/01/26 08:57:24 | 000,001,202 | ---- | M] () -- C:\windows\System32\WLL3141.cfgx
[2013/01/26 08:57:18 | 002,824,704 | ---- | M] (Askey Computer Corporation.) -- C:\windows\System32\AInst3141.exe
[2013/01/23 19:38:10 | 001,851,392 | ---- | M] () -- C:\Users\owner\Documents\MyCalendar.ecfx
[2013/01/23 14:09:53 | 000,003,075 | ---- | M] () -- C:\Users\owner\AppData\Roaming\SAS7_000.DAT
[2013/01/23 10:05:10 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Klok2.lnk
[2013/01/23 07:24:17 | 000,875,722 | ---- | M] () -- C:\Users\owner\Documents\screenpakcurtain.themepack
[2013/01/22 17:58:58 | 000,000,783 | ---- | M] () -- C:\Users\owner\Desktop\Free Desktop Timer.lnk
[2013/01/22 17:44:39 | 000,000,972 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Springli Timer.lnk
[2013/01/22 17:11:19 | 000,000,769 | ---- | M] () -- C:\Users\owner\Desktop\Free Alarm Clock.lnk
[2013/01/22 16:15:40 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
[2013/01/22 05:34:34 | 000,000,785 | ---- | M] () -- C:\Users\owner\Desktop\Screenshot Captor.lnk
[2013/01/22 04:55:17 | 000,718,248 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/22 04:55:17 | 000,143,992 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/01/21 14:57:51 | 000,000,058 | ---- | M] () -- C:\Users\owner\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/01/21 14:15:11 | 000,001,058 | ---- | M] () -- C:\Users\owner\Desktop\ZeallSoft Products.lnk
[2013/01/21 14:15:11 | 000,000,970 | ---- | M] () -- C:\Users\owner\Desktop\Super Screen Capture.lnk
[2013/01/21 14:15:11 | 000,000,970 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Super Screen Capture.lnk
[2013/01/21 14:14:35 | 001,628,358 | ---- | M] (ZeallSoft, Inc. ) -- C:\Users\owner\Desktop\fscsetup.exe
[2013/01/21 13:49:47 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Big Stretch Reminder Program.lnk
[2013/01/21 13:49:47 | 000,000,865 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Big Stretch Reminder Program.lnk
[2013/01/21 11:53:30 | 000,000,542 | ---- | M] () -- C:\Users\owner\AppData\Local\UserProducts.xml
[2013/01/21 11:00:45 | 000,001,414 | ---- | M] () -- C:\Users\owner\Desktop\storm.pacifichost.com Secure WebDisk.lnk
[2013/01/19 07:46:02 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/16 06:51:02 | 000,000,835 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2013/01/16 06:51:01 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2013/01/14 22:30:24 | 000,027,152 | ---- | M] (Nitro PDF Software) -- C:\windows\System32\nitrolocalmon2.dll
[2013/01/14 22:30:24 | 000,018,448 | ---- | M] (Nitro PDF Software) -- C:\windows\System32\nitrolocalui2.dll
[2013/01/14 18:45:41 | 000,000,653 | ---- | M] () -- C:\Users\owner\Desktop\XnView.lnk
[2013/01/14 05:51:37 | 000,000,867 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/01/14 05:48:31 | 000,000,762 | ---- | M] () -- C:\Users\owner\Desktop\Glary Utilities.lnk
[2013/01/14 05:44:48 | 000,001,065 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/14 05:44:48 | 000,001,041 | ---- | M] () -- C:\Users\owner\Desktop\FreeFileViewer.lnk
[2013/01/13 08:49:10 | 000,001,994 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/10 06:35:24 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/01/10 06:35:24 | 000,000,903 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2013/01/10 06:34:57 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2013/01/07 08:57:26 | 000,000,823 | ---- | M] () -- C:\Users\owner\Desktop\Artisteer 4.lnk
[2013/01/07 08:57:26 | 000,000,823 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Artisteer 4.lnk
[2013/01/04 08:36:27 | 000,002,274 | ---- | M] () -- C:\Users\owner\Desktop\Box.lnk
[2013/01/04 06:08:53 | 000,000,863 | ---- | M] () -- C:\Users\owner\Desktop\Update Checker.lnk
[2013/01/01 09:51:34 | 000,001,099 | ---- | M] () -- C:\Users\owner\Desktop\BiosAgent Plus.lnk
[2013/01/01 09:51:32 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\windows\System32\drivers\DrvAgent32.sys
[2013/01/01 09:14:51 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\System Security Guard.lnk
[2013/01/01 09:14:51 | 000,000,819 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Security Guard.lnk
[2013/01/01 08:49:12 | 000,020,712 | ---- | M] (REALiX™) -- C:\windows\System32\drivers\HWiNFO32.SYS
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/30 11:28:08 | 000,140,080 | ---- | C] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-30 [3].ddb
[2013/01/30 09:52:25 | 000,000,938 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2013/01/30 09:52:25 | 000,000,938 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/01/30 09:29:22 | 000,140,080 | ---- | C] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-30 [2].ddb
[2013/01/30 08:59:43 | 000,140,080 | ---- | C] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-30.ddb
[2013/01/29 21:42:54 | 000,000,761 | ---- | C] () -- C:\Users\owner\Desktop\Spiceworks Desktop.lnk
[2013/01/29 09:29:39 | 000,140,080 | ---- | C] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-29.ddb
[2013/01/28 18:06:35 | 000,140,080 | ---- | C] () -- C:\Users\owner\Documents\AllMyNotes Documents.ddb - backup 13-01-28.ddb
[2013/01/27 20:24:22 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 19:04:42 | 000,000,444 | ---- | C] () -- C:\windows\tasks\ParetoLogic Registration3.job
[2013/01/27 19:04:13 | 000,000,870 | ---- | C] () -- C:\Users\owner\Desktop\RegCure Pro.lnk
[2013/01/27 19:04:13 | 000,000,470 | ---- | C] () -- C:\windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/01/27 19:04:13 | 000,000,418 | ---- | C] () -- C:\windows\tasks\ParetoLogic Update Version3.job
[2013/01/27 19:04:12 | 000,000,386 | ---- | C] () -- C:\windows\tasks\RegCure Pro.job
[2013/01/26 11:11:36 | 000,002,487 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk
[2013/01/26 11:11:36 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2013/01/26 10:51:55 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/26 09:54:56 | 000,001,646 | ---- | C] () -- C:\Users\Public\Desktop\AnyPC.lnk
[2013/01/26 09:04:43 | 000,001,079 | ---- | C] () -- C:\Users\owner\Desktop\CyberLink YouCam.lnk
[2013/01/23 07:24:17 | 000,875,722 | ---- | C] () -- C:\Users\owner\Documents\screenpakcurtain.themepack
[2013/01/22 17:58:58 | 000,000,783 | ---- | C] () -- C:\Users\owner\Desktop\Free Desktop Timer.lnk
[2013/01/22 17:44:39 | 000,000,972 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Springli Timer.lnk
[2013/01/22 16:15:40 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
[2013/01/21 14:57:51 | 000,000,058 | ---- | C] () -- C:\Users\owner\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013/01/21 14:50:24 | 000,000,785 | ---- | C] () -- C:\Users\owner\Desktop\Screenshot Captor.lnk
[2013/01/21 14:15:11 | 000,001,058 | ---- | C] () -- C:\Users\owner\Desktop\ZeallSoft Products.lnk
[2013/01/21 14:15:11 | 000,000,970 | ---- | C] () -- C:\Users\owner\Desktop\Super Screen Capture.lnk
[2013/01/21 14:15:11 | 000,000,970 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Super Screen Capture.lnk
[2013/01/21 13:49:47 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Big Stretch Reminder Program.lnk
[2013/01/21 13:49:47 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Big Stretch Reminder Program.lnk
[2013/01/21 13:34:05 | 000,000,769 | ---- | C] () -- C:\Users\owner\Desktop\Free Alarm Clock.lnk
[2013/01/21 11:53:30 | 000,000,542 | ---- | C] () -- C:\Users\owner\AppData\Local\UserProducts.xml
[2013/01/21 11:53:30 | 000,000,376 | ---- | C] () -- C:\windows\tasks\update-S-1-5-21-1960565919-1517230369-2150278066-1000.job
[2013/01/21 11:53:29 | 000,000,376 | ---- | C] () -- C:\windows\tasks\update-sys.job
[2013/01/21 10:59:36 | 000,001,414 | ---- | C] () -- C:\Users\owner\Desktop\storm.pacifichost.com Secure WebDisk.lnk
[2013/01/16 06:51:02 | 000,000,835 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2013/01/16 06:51:01 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013/01/16 06:51:01 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2013/01/14 05:51:45 | 000,000,328 | ---- | C] () -- C:\windows\tasks\DriverScanner.job
[2013/01/14 05:51:37 | 000,000,867 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/01/14 05:44:56 | 000,000,378 | ---- | C] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2013/01/14 05:44:48 | 000,001,065 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2013/01/14 05:44:48 | 000,001,041 | ---- | C] () -- C:\Users\owner\Desktop\FreeFileViewer.lnk
[2013/01/07 08:57:26 | 000,000,823 | ---- | C] () -- C:\Users\owner\Desktop\Artisteer 4.lnk
[2013/01/07 08:57:26 | 000,000,823 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Artisteer 4.lnk
[2013/01/04 08:36:27 | 000,002,282 | ---- | C] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Box.lnk
[2013/01/04 08:36:27 | 000,002,274 | ---- | C] () -- C:\Users\owner\Desktop\Box.lnk
[2013/01/01 09:51:34 | 000,001,099 | ---- | C] () -- C:\Users\owner\Desktop\BiosAgent Plus.lnk
[2013/01/01 09:14:51 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\System Security Guard.lnk
[2013/01/01 09:14:51 | 000,000,819 | ---- | C] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\System Security Guard.lnk
[2012/12/28 20:11:53 | 000,000,126 | ---- | C] () -- C:\Users\owner\wxDownloadFast.ini
[2012/08/09 16:44:51 | 000,001,024 | ---- | C] () -- C:\Users\owner\.rnd
[2012/08/08 19:06:17 | 000,000,000 | ---- | C] () -- C:\Users\owner\ping
[2012/06/06 12:53:59 | 000,000,600 | ---- | C] () -- C:\Users\owner\AppData\Local\PUTTY.RND
[2012/05/07 08:33:27 | 000,134,045 | ---- | C] () -- C:\windows\ColorPic Uninstaller.exe
[2012/05/04 06:22:22 | 000,053,299 | ---- | C] () -- C:\windows\System32\pthreadVC.dll
[2012/01/22 11:31:17 | 000,000,224 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2012/01/06 12:59:51 | 000,000,186 | ---- | C] () -- C:\windows\System32\CleanMem.ini
[2011/12/20 14:06:33 | 000,218,112 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SharedSettings.ccs
[2011/12/14 04:30:19 | 000,000,105 | -HS- | C] () -- C:\Users\owner\AppData\Local\00000021
[2011/12/10 18:08:35 | 000,012,288 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/18 11:47:46 | 000,000,893 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011/11/18 11:47:46 | 000,000,161 | ---- | C] () -- C:\windows\brpcfx.ini
[2011/11/18 11:47:11 | 000,000,050 | ---- | C] () -- C:\windows\System32\bridf06a.dat
[2011/11/18 11:47:10 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/11/18 11:47:10 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011/10/29 21:24:46 | 000,161,825 | ---- | C] () -- C:\windows\DP Animation Maker Uninstaller.exe
[2011/06/16 17:27:21 | 000,000,167 | ---- | C] () -- C:\Users\owner\udownload.dat
[2011/04/01 09:26:10 | 000,000,022 | -HS- | C] () -- C:\Users\owner\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/03/17 15:01:00 | 000,053,248 | ---- | C] () -- C:\windows\System32\ZLIB.DLL
[2011/02/27 09:53:34 | 000,000,858 | ---- | C] () -- C:\windows\nsreg.dat
[2011/02/27 09:51:24 | 000,000,216 | ---- | C] () -- C:\windows\Ulead32.ini
[2011/02/22 11:38:51 | 000,000,039 | ---- | C] () -- C:\Users\owner\dlmgr_.pro
[2011/02/15 22:46:02 | 014,454,784 | ---- | C] () -- C:\windows\System32\common_res.dll
[2010/11/08 14:55:27 | 000,000,645 | ---- | C] () -- C:\Users\owner\AppData\Roaming\mainhst.zgh
[2010/10/30 16:50:37 | 000,000,594 | ---- | C] () -- C:\Users\owner\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2010/09/15 10:39:18 | 000,000,023 | ---- | C] () -- C:\Users\owner\.gtk-bookmarks
[2010/07/21 08:19:58 | 000,000,093 | ---- | C] () -- C:\Users\owner\AppData\Local\fusioncache.dat
[2010/07/09 21:41:36 | 000,000,009 | ---- | C] () -- C:\Users\owner\AppData\Roaming\tabbles_hwnd_main
[2010/07/09 21:41:35 | 000,000,009 | ---- | C] () -- C:\Users\owner\AppData\Roaming\tabbles_hwnd_quick_link
[2010/07/02 16:05:45 | 000,007,654 | ---- | C] () -- C:\Users\owner\AppData\Local\Resmon.ResmonCfg
[2010/06/28 07:15:06 | 000,134,938 | ---- | C] () -- C:\Users\owner\randomimage.zip
[2010/06/19 19:43:59 | 155,184,736 | ---- | C] () -- C:\Users\owner\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
[2010/06/17 18:57:11 | 000,003,075 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SAS7_000.DAT
[2010/03/25 14:47:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Lunascape\Lunascape6\plugins\{9BDD5314-20A6-4d98-AB30-8325A95771EE}\data\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/08/10 23:32:56 | 000,000,596 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/28 13:20:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Affilorama
[2012/10/16 21:26:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AllDup
[2011/03/09 20:38:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Apowersoft
[2012/07/30 06:48:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Artisteer
[2012/11/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Audacity
[2013/01/09 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AUSkey
[2012/01/10 15:54:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\calibre
[2012/12/09 09:26:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CaptureSaver
[2010/07/01 18:42:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CBS Interactive
[2010/08/27 12:43:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CherryPickerLive
[2011/12/20 15:41:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CoffeeCup Software
[2011/06/10 07:38:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CoreFTP
[2011/05/19 21:18:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Digiarty
[2013/01/21 14:57:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DonationCoder
[2013/01/26 11:09:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Downloaded Installations
[2013/01/27 19:04:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DriverCure
[2013/01/30 11:27:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Dropbox
[2012/12/06 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DVDVideoSoft
[2012/12/06 19:03:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/16 12:29:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Easy Watermark Studio
[2011/04/19 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\eBookPro6
[2012/05/07 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Efficient Calendar Free
[2011/02/02 08:14:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Efficient Reminder
[2011/04/04 15:44:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Efficient Reminder Free
[2012/11/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\enchant
[2012/08/05 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\eXPert PDF 6
[2011/12/10 06:54:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FaceOffMax
[2012/09/02 07:52:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FamilyTreeMaker
[2013/01/26 11:12:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FileOpen
[2012/06/18 20:53:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FileZilla
[2012/04/07 19:18:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FireShot
[2011/04/05 11:31:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Foxit Software
[2013/01/14 11:34:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\FreeFileViewer
[2010/08/11 07:15:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Genie-Soft
[2012/11/02 06:11:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2013/01/14 05:48:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GlarySoft
[2011/11/26 13:08:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
[2010/09/15 10:39:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\gtk-2.0
[2011/11/12 08:23:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IrfanView
[2012/08/14 07:14:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\IsolatedStorage
[2012/03/01 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1
[2012/08/13 07:38:23 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\KompoZer
[2011/01/21 08:45:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Kristanix Software
[2012/04/15 13:07:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2011/11/10 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LibreOffice
[2011/03/19 17:44:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Likno Software
[2011/04/30 16:42:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\LizardTech
[2012/09/10 19:13:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Lunascape
[2011/10/01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Magic Landscape Filter
[2012/03/17 12:46:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\MAGIX
[2012/12/01 17:47:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ManyCam
[2011/03/26 14:46:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mediAvatar
[2011/04/19 13:39:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Mobipocket
[2011/02/24 21:23:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NCH Swift Sound
[2013/01/26 11:12:14 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nitro
[2012/08/26 08:12:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nitro PDF
[2011/02/22 10:01:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Notepad++
[2010/09/13 11:49:01 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\NoteTab Pro
[2012/08/30 15:59:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nuance
[2011/07/05 11:15:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenCandy
[2012/06/14 13:10:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenDNS Updater
[2010/06/19 07:36:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2012/05/18 11:53:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Opera
[2012/06/22 08:39:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
[2011/11/29 13:28:06 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Pamela
[2013/01/27 19:04:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ParetoLogic
[2010/10/26 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC Doc Pro
[2011/11/20 13:02:31 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PC-FAX TX
[2011/11/26 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ProgSense
[2010/12/16 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Q-Dir
[2012/11/02 06:11:15 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SlimBrowser
[2011/02/08 07:48:19 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SnmpSoft
[2013/01/01 04:57:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SoftGrid Client
[2012/01/07 06:46:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Software Informer
[2011/02/05 14:06:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spacejock Software
[2010/12/16 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Stardock
[2011/06/18 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SuperUtils.com
[2010/11/11 17:44:42 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SystemRequirementsLab
[2013/01/30 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SystemSecurityGuard
[2010/07/09 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Tabbles
[2011/06/30 12:36:07 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TeamViewer
[2012/07/23 08:29:39 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\temp
[2012/01/22 11:31:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template
[2011/04/04 21:17:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\thecleaner
[2010/12/18 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\thriXXX
[2010/06/30 21:19:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird
[2012/01/22 10:30:20 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TP
[2012/03/28 13:20:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Traffic Travis v4
[2010/08/24 13:12:57 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TrafficAnarchy
[2012/07/08 12:47:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TuneUp Software
[2010/12/16 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\TweakNow PowerPack 2010
[2011/02/27 10:16:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Ulead Systems
[2013/01/01 08:58:30 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Uniblue
[2012/09/08 09:18:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\uTorrent
[2013/01/16 08:54:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\VDownloader
[2012/11/02 06:11:16 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Web Page Maker
[2012/09/18 06:50:58 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Windows Live Writer
[2010/11/05 16:17:33 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WordWeb
[2013/01/23 13:51:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\XnView
[2011/06/27 07:24:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Yoono
[2011/12/12 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Zentimo
[2010/11/08 18:53:26 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ZipGenius
[2012/04/18 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Zotero
[2012/04/13 08:13:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\{90140011-0061-0409-0000-0000000FF1CE}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:85551434
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89E0EA3E

< End of report >

Attached Files

  • Attached File  OTL.Txt   345.09KB   83 downloads



#2
Jintan


    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks2Go himagaintoo,

A good bit of adware showing here. Let's run two more scans then start some repairs.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Download RogueKiller (http://www.sur-la-to...om/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement: ).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

#3
himagaintoo

Hi Jintan,
Thanks for your fast response!
I've tried to use RogueKiller as per your advice but after MANY attempts trying different things re activity on the PC, nothing worked. RogueKiller starts ok, but as soon as I hit the SCAN option Windows kills it.

Whatever it is, ghribi has continued to affect the system. Firefox stopped loading at all. A new download is working for now, but the system is definitely dying - being killed.

Sorry about the large image, but my capture programs have stopped working except for PTSCREEN !
I changed the name as you can see, but no effect..

I will go get the second program if I can and try it.
As mentioned - other programs including Kaspersky find nothing. ?????

I'm also suffering from my location: S.E. Queensland Australia. The Net connection is always spasmodic at peak times and often fails completely from its av. speed of 4mbps (that's download not upload!)

Hope this gets thru - it's Sunday and peak time for kids on the Net .....






Edited by himagaintoo, 08 February 2013 - 03:09 AM.


#4
himagaintoo

Not sure what is happening here - either!
I've enclosed an image which has posted as text - massive!
BUT on EDIT it shows the image.???

Can't insert it because this Bulletin Board Program demands a URL, and I can't do anything much with my dying system.
Your BBS says "No file was selected for upload"...... 4 times.... :-(

Sorry if it just bogs as text your end.............

But the sad fact is that the RogueKiller didn't work in any guise..... :-(

Jack




#5
Jintan

RogueKiller was only in scan mode, so no changes made. But I'll need you to help me out with what you just posted. What scan results is that supposed to be? HijackThis?

#6
Jintan

I should mention, you have quite a bit of adware loading in each of your browsers there. Just need to see either the OTL Extras.txt log (you posted the OTL.log, and also attached it, but not the Extras.txt log), or the HijackThis Uninstall list before we move forward.

If it helps, access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

Also, follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps.

#7
himagaintoo

Hi Jintan,
I have attached the two txt files.
The large file was only an image of my screen, showing that Windows was closing the killer (now called Winlogon.com).
(I'll try it again to send it separate to this just in case!)

I have run several scans with Malware and Kaspersky since and SOMETHING has partially worked at least! My System is now working!
BUT the warning that first identified the virus to me which was that you can't assign a display page to startup is still happening: Can't add an image to the display that "sticks" . As I refresh the Desktop the selected image flashes for about 1 second then vanishes. Strangely, colour changes to the display borders works.

Thanks,

Jack

Attached Files

  • Attached File  Extras.Txt   107.46KB   180 downloads
  • Attached File  OTL.Txt   345.09KB   89 downloads


#8
himagaintoo

Here is the Image of the screen as the Killer is closed by Windows.
It does list a file just as it happens, but the Killer display itself vanishes before I can identify the file details.
Also the program display is fixed and can't be resized - (Not sure if in the program itself or due to the virus!)

Cheers?



#9
Jintan

Your antivirus was completely disabled when you ran RogueRemover? What created that previous log - the one with all the jumbled characters?

First follow the steps here to disable SpyBot's TeaTimer, as it will interfere with the repairs. Be sure to do all the steps. That, or your antivirus program, may have stopped RogueKiller.



You seem to have a serious overload of installed programs. You really may want to start uninstalling those you don't use, or use often. I'll mention a few to uninstall, but I know there are more that add unwanted things.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Ask Toolbar - Adware, spyware, search hijacker.
Bing Desktop - Heavy resource waste. May just want to uninstall any Bing installs.
Uniblue DriverScanner - Nothing from Uniblue is considered legit.
RegCure Pro - Does nearly nothing, demands payment.
PC Doc Pro - Questionable "fixit" program that purports to clean the Registry (which needs no "cleaning").
Ad Muncher - Ineffective.
AVG Security Toolbar - Search hijacker.
Clip Extractor DB Toolbar - Search hijacker.
FileHippo.com Update Checker - Not necessary.
iLivid - Adware.
Search-Results Toolbar - Adware, spyware, search hijacker.
SetBrowser - Adware, spyware, search hijacker.
SpeedItup Free - Scam program.
System Security Guard - Not known to be effective against malware.
CaptureSaverfree - Adware, spyware, search hijacker.

Then reboot.

--------

Try RogueKiller again.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


#10
himagaintoo

Hi Jintan,
Here are the results of your latest advice:
1. After deleting your suggested programs
2. D/L and run AdwCleaner successfully
3. re-run RogueKiller successfully

RogueKiller finally completed a full run! :-)
I haven't deleted any of its findings, am sending the reports now.

I had disabled Spybot/teatimer earlier and I used RTF file to contain the screen image as screencapture service was disabled(!).
I am hoping that the reports show that I can delete the found files and I'll run everything again, then.

Cheers!
I'm finally seeing a bit of hope! :-)


#11
Jintan

I need you to post the logs here, in your request thread please.


RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Scan -- Date : 02/07/2013 09:46:53
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[DLL] explorer.exe -- C:\Windows\explorer.exe : C:\ProgramData\AllDup\FEShlExt.dll -> UNLOADED

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : DNS7reminder ("C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini") -> FOUND
[TASK][SUSP PATH] WxDFastUpdaterTask{5685D2BB-B0F2-4199-9339-33E4AA6C6C57}.job : C:\ProgramData\WxDFast\WxDFast1.exe /schedule /profilepath "C:\ProgramData\WxDFast\profile.ini" -> FOUND
[STARTUP][SUSP PATH] CNET TechTracker.lnk @owner-pc : C:\Users\owner\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> FOUND
[IFEO] HKLM\[...]\taskmgr.exe : debugger ("d:\Program Files\System Explorer\SystemExplorer.exe") -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 2fe0b3e6aa181853b14ec2bd58305af5
[BSP] 071138209bbc0223e651de44f51ee6c2 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 230738 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 504215552 | Size: 230740 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[12]_S_02072013_02d0946.txt >>
RKreport[10]_PR_02052013_02d0813.txt ; RKreport[11]_DN_02052013_02d0813.txt ; RKreport[12]_S_02072013_02d0946.txt ; RKreport[1]_H_02052013_02d0754.txt ; RKreport[2]_PR_02052013_02d0755.txt ;
RKreport[3]_DN_02052013_02d0755.txt ; RKreport[4]_SC_02052013_02d0805.txt ; RKreport[5]_PR_02052013_02d0808.txt ; RKreport[6]_H_02052013_02d0808.txt ; RKreport[7]_DN_02052013_02d0808.txt ;
RKreport[8]_SC_02052013_02d0811.txt ; RKreport[9]_H_02052013_02d0813.txt

----------

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 08:14:55
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : owner - FABLOR-1
# Boot Mode : Normal
# Running from : D:\DOWNLOADS\0- 0 temp downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\03eyoavo.SAFE\searchplugins\Askcom.xml
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\searchplugins\Askcom.xml
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\searchplugins\search.xml
File Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\owner\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\search results toolbar
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\wxDfast
Folder Deleted : C:\Users\me\AppData\Local\Babylon
Folder Deleted : C:\Users\me\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\me\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\me\AppData\Roaming\Babylon
Folder Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\s5zkts12.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\s5zkts12.default\ilividtoolbarguid
Folder Deleted : C:\Users\owner\AppData\Local\APN
Folder Deleted : C:\Users\owner\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\owner\AppData\Local\Ilivid
Folder Deleted : C:\Users\owner\AppData\Local\OpenCandy
Folder Deleted : C:\Users\owner\AppData\Local\TempDir
Folder Deleted : C:\Users\owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\owner\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\owner\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\03eyoavo.SAFE\extensions\[email protected]
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\ilividtoolbarguid
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\ilividtoolbarguid
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\ilividtoolbarguid
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcygg60b.0-fastfox\ConduitCommon
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcygg60b.0-fastfox\CT3196716
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcygg60b.0-fastfox\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcygg60b.0-fastfox\ilividtoolbarguid
Folder Deleted : C:\Users\owner\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\owner-pc\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\owner-pc\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\owner-pc\AppData\Roaming\Mozilla\Firefox\Profiles\o9usq19e.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Folder Deleted : C:\Users\owner-pc\AppData\Roaming\Mozilla\Firefox\Profiles\o9usq19e.default\ilividtoolbarguid
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\SMTTB2009
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKU\S-1-5-21-1960565919-1517230369-2150278066-1007\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKU\S-1-5-21-1960565919-1517230369-2150278066-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKU\S-1-5-21-1960565919-1517230369-2150278066-1007\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKU\S-1-5-21-1960565919-1517230369-2150278066-1007\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16438

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/clipextractor/{54AFFF0B-ACF3-40B0-B641-EF2CCCB87923} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/clipextractor/{54AFFF0B-ACF3-40B0-B641-EF2CCCB87923} --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\03eyoavo.SAFE\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={5C7A952C-0CD7-43FB-8F5B-51E2F3859EB7}&m[...]
Deleted : user_pref("pagetweak.pref.hxxps://support.pacifichost.com/index.php?/Tickets/Ticket/View/EAA-182-770[...]

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\3zgzbpyd.NOTHING\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={5C7A952C-0CD7-43FB-8F5B-51E2F385[...]

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\8b1llx4h.lightning cutdown\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={5C7A952C-0CD7-43FB-8F5B-51E2F385[...]

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kcyd6e5u.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={5C7A952C-0CD7-43FB-8F5B-51E2F385[...]
Deleted : user_pref("extensions.50559d4923334.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.asktb.cbid", "GL");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1290565900848");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.o", "10168");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "2");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...]
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"78\": {\"id\": \"78\",\"tit[...]
Deleted : user_pref("extensions.m86sb.ta.categories", "{\r\n \"version\": \"3.504\",\r\n \"Images\": {\r\n\[...]
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"characters_reserved_per_media\[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Deleted : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/clipextractor/{8A14AF9A-D818-[...]
Deleted : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/clipextractor/{8A14AF9A-D818-41FA-9B7A-D91E4[...]
Deleted : user_pref("somoto.old_dnscatch", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=1016[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&gct=[...]

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\kj67jihf.default-1355003050493\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={5C7A952C-0CD7-43FB-8F5B-51E2F385[...]

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pcygg60b.0-fastfox\prefs.js

Deleted : user_pref("CT3196716..clientLogIsEnabled", false);
Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);
Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_8478564928926792879", true);
Deleted : user_pref("CT3196716.CT3196716", "CT3196716");
Deleted : user_pref("CT3196716.CurrentServerDate", "4-8-2012");
Deleted : user_pref("CT3196716.DSInstall", false);
Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Sat Aug 04 2012 19:31:12 GMT+1000");
Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");
Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Mon Jun 04 2012 11:35:01 GMT+1000");
Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Mon Jun 04 2012 10:19:21 GMT+100[...]
Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Mon Jun 04 2012 10:19:21 GMT+100[...]
Deleted : user_pref("CT3196716.FirstServerDate", "4-6-2012");
Deleted : user_pref("CT3196716.FirstTime", true);
Deleted : user_pref("CT3196716.FirstTimeFF3", true);
Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);
Deleted : user_pref("CT3196716.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3196716.HPInstall", false);
Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);
Deleted : user_pref("CT3196716.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3196716.HomepageBeforeUnload", "hxxps://mail.google.com/mail/?shva=1#inbox");
Deleted : user_pref("CT3196716.Initialize", true);
Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);
Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3196716.InstallationType", "Unknown");
Deleted : user_pref("CT3196716.InstalledDate", "Mon Jun 04 2012 10:19:37 GMT+1000");
Deleted : user_pref("CT3196716.InvalidateCache", false);
Deleted : user_pref("CT3196716.IsAlertDBUpdated", true);
Deleted : user_pref("CT3196716.IsGrouping", false);
Deleted : user_pref("CT3196716.IsInitSetupIni", true);
Deleted : user_pref("CT3196716.IsMulticommunity", false);
Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);
Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);
Deleted : user_pref("CT3196716.IsProtectorsInit", true);
Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Sat Aug 04 2012 19:31:10 GMT+1000");
Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3196716.LastLogin_3.13.0.6", "Tue Jul 17 2012 20:20:47 GMT+1000");
Deleted : user_pref("CT3196716.LastLogin_3.14.1.0", "Sat Aug 04 2012 19:31:11 GMT+1000");
Deleted : user_pref("CT3196716.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3196716.Locale", "en");
Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT3196716.RadioIsPodcast", false);
Deleted : user_pref("CT3196716.RadioLastCheckTime", "Mon Jun 04 2012 10:19:21 GMT+1000");
Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3196716.RadioMediaID", "9962");
Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");
Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");
Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3196716.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");
Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "Liquid Words");
Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT319[...]
Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Sat Aug 04 2012 19:31:07 GMT+1000");
Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3196716.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT3196716.SearchProtectorEnabled", false);
Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Sat Aug 04 2012 19:31:08 GMT+1000");
Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Sat Aug 04 2012 19:31:07 GMT+1000");
Deleted : user_pref("CT3196716.SettingsLastUpdate", "1343631108");
Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13");
Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Mon Jun 04 2012 10:19:17 GMT+1000");
Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");
Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3196716.UserID", "UN75694139009890576");
Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3196716.WeatherNetwork", "");
Deleted : user_pref("CT3196716.WeatherPollDate", "Mon Jun 04 2012 11:19:58 GMT+1000");
Deleted : user_pref("CT3196716.WeatherUnit", "C");
Deleted : user_pref("CT3196716.alertChannelId", "1613210");
Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Mon Jun 04 2012 10:19:20 GMT+1000");
Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3196716.initDone", true);
Deleted : user_pref("CT3196716.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);
Deleted : user_pref("CT3196716.myStuffEnabled", true);
Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3196716.revertSettingsEnabled", true);
Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3196716.testingCtid", "");
Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Sat Aug 04 2012 19:31:11 GMT+1000");
Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Mon Jun 04 2012 10:19:23 GMT+1000");
Deleted : user_pref("CT3196716.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1613210/1606743/AU", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbf[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\owner\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3196716");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 06 2012 12:52:32 GMT+1000");
Deleted : user_pref("CommunityToolbar.globalUserId", "7f182c7d-464d-4a79-8842-f411d31e740d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jun 04 2012 10:19:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 04 2012 11:19:31 GMT+100[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jun 05 2012 10:26:45 GMT+1000");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "641477a2-ea2a-414b-a84f-c2d4fbdfbf74");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxps://mail.google.com/mail/?shva=1#inbox");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Liquid Words");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={5C7A952C-0CD7-43FB-8F5B-51E2F385[...]
Deleted : user_pref("imtranslator.provider", "babylon");

File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\pfmtfb6i.basic-probs\prefs.js

[OK] File is clean.

File : C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\s5zkts12.default\prefs.js

[OK] File is clean.

File : C:\Users\owner-pc\AppData\Roaming\Mozilla\Firefox\Profiles\o9usq19e.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.cbid", "GL");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2011.08.17+15.03.51-toolbar003iad-AU-U3lkbmV5LEF1c3RyYWxpYQ%3D%[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYAU");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "ASXX0112");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.siteadvisor.com/uninstall.html?client=ie&[...]
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "D0BB3596-C509-4672-BD99-4D7BBA93159C");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1319088313685");
Deleted : user_pref("extensions.asktb.last-search-timestamp", "1319092586770");
Deleted : user_pref("extensions.asktb.last-v", "3.11.3.15590");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Sydney,Australia");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.o", "10168");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "6");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-history-queries", "4551||carsales.com.au||tinyurl");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.11.3.100007");
Deleted : user_pref("extensions.asktb.version", "5.11.3.15590");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.27] : homepage = "hxxps://mail.google.com/mail/#inbox",
Deleted [l.31] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/#inbox", "hxxp://www.searchnu[...]
Deleted [l.105] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.108] : keyword = "ask.com",
Deleted [l.111] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=D7[...]
Deleted [l.112] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Deleted [l.7438] : homepage = "hxxps://mail.google.com/mail/#inbox",
Deleted [l.8177] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/#inbox", "hxxp://www.searchnu.co[...]

-\\ Chromium vr_pages: {
enabled: false
}

File : C:\Users\owner\AppData\Local\Chromium\User Data\Default\Preferences

Deleted [l.4062] : homepage = "hxxps://mail.google.com/mail/#inbox",

File : C:\Users\me\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\owner-pc\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\owner\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://www.searchnu.com/406

File : C:\Users\owner-pc\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [44478 octets] - [07/02/2013 08:13:01]
AdwCleaner[S1].txt - [44043 octets] - [07/02/2013 08:14:55]

########## EOF - C:\AdwCleaner[S1].txt - [44104 octets] ##########
  • 0

#12
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
AdwCleaner sure removed quite a bit. Not real sure I provided the steps to run the Delete option though. Better if you stay the course here, instead of independent choices, okay?

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Run RogueKiller again.

• Please quit all programs
• Run RogueKiller
• Wait until the Prescan finishes
• Press: Scan

• On the RogueKiller console, click the Registry tab.
• Make sure the entries there are checked.
• Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  • 0

#13
himagaintoo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi Jintan,
Sorry about slow response - even allowing for my being GMT +10 :-)
Our neighbour has had an accident and broken her hip and leg (78 y.o.) and we have been organising a wheelchair/commode for her and moving furniture. (Two storey house and all bedrooms and bathroom are upstairs!)

I haven't proceeded with the additional actions yet, but the main "infection indicator" - loss of display imaging and popup problems have been resolved. That turned out to be the alteration of the options in Windows "Accessibility", and following restoring that everything seems to be going well again.

HOWEVER I will run the rest of the procedures when I get back on line from helping organise the neighbours.

Thank you again,

John

  • 0

#14
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Thanks for the update. Yes, go ahead with the scans and post when ready.
  • 0





