
Infected: Browser Redirects to Scour


  • This topic is locked
27 replies to this topic

#1 BostonRed

  • Members
  • 14 posts
  • OFFLINE

Posted 21 October 2012 - 03:22 PM

For the last few weeks, I've been hit by a virus that takes many of my Google searches to Scour or Infomash or a variety of other sites. I've tried the usual tricks to identify and kill a few viruses, but this issue persists. My security software and Malwarebytes show no problems.

I am using a 64 bit system, so no ark.txt file is attached.

Thanks for your help.



DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Joe at 16:08:53 on 2012-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.6175 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Rovi\Rovi Player\CNRpc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files\mcafee\VirusScan\mcods.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
BHO: Giant Savings: {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120630082835.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ActiveMail: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe -start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
Trusted Zone: sonic.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{352EC8A6-E339-4729-A8CE-0755E457841A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F6DC8A3F-4BF5-436A-AD9F-5C570C3E1149} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120630082835.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: ActiveMail: {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.soccerbyives.net/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-22 21:40; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
FF - ExtSQL: 2012-10-14 13:21; activemail@activepath.com; C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\activemail@activepath.com
FF - ExtSQL: 2012-10-20 18:45; freehdsport@freehdsport.tv; C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\freehdsport@freehdsport.tv.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315&q=
FF - user.js: extensions.funmoods.id - D4BED9CD3972720B
FF - user.js: extensions.funmoods.instlDay - 15549
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:39:38
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7c10720b00000000000008edb938d0c7&q=
FF - user.js: extensions.BabylonToolbar.id - 7c10720b00000000000008edb938d0c7
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15613
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.713:20:35
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-6-14 55856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 352248]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-6-14 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-6-14 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-6-14 177144]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 RNow Service;RNow Service;C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe [2012-9-7 175928]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-14 1695040]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-14 317440]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-6-14 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-14 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe --> C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250808]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-5 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-6-14 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-20 115168]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-21 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-20 22:45:04 -------- d-----w- C:\Program Files (x86)\FirstRowSportApp.com
2012-10-20 15:14:42 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 00:57:19 -------- d-----w- C:\ProgramData\Rovi
2012-10-18 00:57:01 -------- d-----w- C:\Program Files (x86)\Rovi
2012-10-10 10:15:46 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 10:14:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 10:14:59 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 10:14:41 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 10:14:41 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 10:14:31 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 10:14:31 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 10:14:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 10:14:31 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 10:14:31 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 10:14:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-06 02:29:19 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-09-30 17:34:42 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-30 17:30:40 -------- d-----w- C:\_OTL
2012-09-30 17:20:38 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-09-30 17:20:34 -------- d-----w- C:\ProgramData\ActivePath
2012-09-30 17:20:27 -------- d-----w- C:\Users\Joe\AppData\Local\Giant Savings
2012-09-30 17:20:25 -------- d-----w- C:\Program Files (x86)\Giant Savings
2012-09-30 17:20:22 -------- d-----w- C:\Users\Joe\AppData\Roaming\Babylon
2012-09-30 17:20:22 -------- d-----w- C:\ProgramData\Babylon
2012-09-30 17:20:21 -------- d-----w- C:\Program Files (x86)\FLVPlayer
2012-09-29 14:26:15 208896 ----a-w- C:\Windows\MBR.exe
2012-09-29 14:26:13 98816 ----a-w- C:\Windows\sed.exe
2012-09-29 14:26:13 256000 ----a-w- C:\Windows\PEV.exe
2012-09-26 09:49:19 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 02:35:51 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-23 02:10:57 -------- d-----w- C:\Users\Joe\AppData\Roaming\SpeedyPC Software
2012-09-23 02:10:57 -------- d-----w- C:\Users\Joe\AppData\Roaming\DriverCure
2012-09-23 02:10:45 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-09-23 02:10:42 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-09-23 02:10:42 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
.
==================== Find3M ====================
.
2012-10-09 10:39:27 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 10:39:27 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-03 12:16:45 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-03 12:16:45 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-25 01:57:51 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2012-07-25 01:57:51 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
.
============= FINISH: 16:09:15.17 ===============



#2 SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica

Posted 21 October 2012 - 06:26 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    %systemroot%\*. /rp /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.




NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt log files.
3. aswMBR.exe log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 BostonRed


Posted 22 October 2012 - 06:25 AM

Thanks for your help.

1. Any comments or questions you may have that you'd like for me to answer in my next post to you. >> I'm good for now.
2. OTL.txt & Extras.txt log files. >> OTL.txt log coming in additional replies (too long to post in this reply)
3. aswMBR.exe log file. >> aswMBR log file below
4. An update on how your computer is currently running. >> No new issues. Performance is fine.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 06:43:10
-----------------------------
06:43:10.558 OS Version: Windows x64 6.1.7601 Service Pack 1
06:43:10.558 Number of processors: 4 586 0x2A07
06:43:10.558 ComputerName: JOE-PC UserName: Joe
06:43:12.852 Initialize success
06:45:08.545 AVAST engine defs: 12102200
06:45:34.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:45:34.101 Disk 0 Vendor: ST31000524AS JC4A Size: 953869MB BusType: 3
06:45:34.116 Disk 0 MBR read successfully
06:45:34.116 Disk 0 MBR scan
06:45:34.116 Disk 0 Windows VISTA default MBR code
06:45:34.116 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
06:45:34.132 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
06:45:34.147 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938660 MB offset 31145984
06:45:34.163 Disk 0 scanning C:\Windows\system32\drivers
06:45:42.073 Service scanning
06:45:56.363 Modules scanning
06:45:56.363 Disk 0 trace - called modules:
06:45:56.378 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
06:45:56.893 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dff060]
06:45:56.893 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007afc520]
06:45:56.893 5 ACPI.sys[fffff88000f6a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007af3060]
06:46:01.636 AVAST engine scan C:\Windows
06:46:03.727 AVAST engine scan C:\Windows\system32
06:48:34.409 AVAST engine scan C:\Windows\system32\drivers
06:48:58.612 AVAST engine scan C:\Users\Joe
07:16:10.400 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"
07:16:10.416 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

#4 BostonRed


Posted 22 October 2012 - 06:27 AM

OTL File part 1

OTL logfile created on: 10/22/2012 6:34:46 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Documents\My Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.19% Memory free
15.83 Gb Paging File | 12.99 Gb Available in Paging File | 82.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 861.95 Gb Free Space | 94.03% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/22 06:34:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\My Documents\My Downloads\OTL.exe
PRC - [2012/10/13 19:41:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/11 11:52:41 | 000,756,280 | ---- | M] () -- C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
PRC - [2012/10/09 06:39:27 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/07 03:57:18 | 000,323,384 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Rovi\Rovi Player\CNRpc.exe
PRC - [2012/09/07 03:57:14 | 000,175,928 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe
PRC - [2012/09/07 03:56:42 | 003,866,936 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/08 23:39:52 | 001,061,520 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/06 18:23:20 | 003,110,184 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012/01/27 17:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 22:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/12/31 18:04:38 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/06/29 09:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 20:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2011/05/12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/13 19:41:55 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/11 11:52:41 | 000,756,280 | ---- | M] () -- C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
MOD - [2012/10/09 06:39:27 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/06/21 22:06:57 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/21 22:06:55 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/21 22:06:43 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/06/21 22:06:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/06/21 22:06:37 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
MOD - [2012/06/21 22:06:02 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/06/21 22:06:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/06/21 22:05:37 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/06/21 22:05:37 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/06/21 22:05:35 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\36adb4b0a5ebbe454b04030ce2e7291a\System.ServiceModel.ni.dll
MOD - [2012/06/21 22:05:35 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/06/21 19:35:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/06/21 19:35:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/21 19:35:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/21 19:35:45 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/06/21 19:35:44 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/06/21 19:35:44 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/06/21 19:35:41 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll
MOD - [2012/06/21 19:35:41 | 001,044,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
MOD - [2012/06/21 19:35:40 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
MOD - [2012/06/21 19:35:39 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
MOD - [2012/06/21 19:35:38 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/21 19:35:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/21 19:35:28 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
MOD - [2012/06/21 19:35:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/21 19:35:22 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012/06/21 19:35:20 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/21 19:35:20 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/06/21 19:35:20 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/06/21 19:35:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/06/21 19:35:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/21 19:35:11 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/06/21 19:35:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/21 19:35:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/21 19:35:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/21 19:35:02 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
MOD - [2012/06/21 19:35:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/12/31 18:04:40 | 000,891,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
MOD - [2011/12/31 18:04:32 | 000,026,408 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
MOD - [2011/12/31 18:04:28 | 000,251,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
MOD - [2011/06/29 09:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 20:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 20:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/25 00:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/25 00:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/03/22 16:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 21:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 21:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 21:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 20:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 20:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 16:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 16:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/09/09 09:19:14 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/05/08 23:31:42 | 006,715,024 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/03/08 18:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/13 19:41:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 06:39:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 03:57:14 | 000,175,928 | ---- | M] (Rovi Corporation) [Auto | Running] -- C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe -- (RNow Service)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/06/07 13:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 17:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/06/14 21:39:53 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/14 21:39:53 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 19:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/27 11:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 20:02:40 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 05:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE:64bit: - HKLM\..\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
IE - HKLM\..\SearchScopes\{65350360-E59D-AFFA-C418-187B3C1EBCBF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7
IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..\SearchScopes,Backup.Old.DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..\SearchScopes,DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110790&tt=300912_IKAN_3912_1&babsrc=SP_ss&mntrId=7c10720b00000000000008edb938d0c7
IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.soccerbyives.net/"
FF - prefs.js..extensions.enabledAddons: {3112ca9c-de6d-4884-a869-9855de680400}:1.9.6.1
FF - prefs.js..extensions.enabledAddons: {B7065F52-F443-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: activemail@activepath.com:5.8.18
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/10/06 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 19:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 19:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/06 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B7065F52-F443-11E1-8270-B8AC6F996F26}: C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\ [2012/09/01 10:46:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 19:41:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 19:41:53 | 000,000,000 | ---D | M]

[2012/06/20 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2012/10/20 18:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions
[2012/06/23 18:00:18 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/10/14 13:21:24 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\activemail@activepath.com
[2012/10/20 18:45:09 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\freehdsport@freehdsport.tv.xpi
[2012/09/22 21:40:19 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/10/13 19:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/01 10:46:10 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JOE\APPDATA\LOCAL\{B7065F52-F443-11E1-8270-B8AC6F996F26}
[2012/10/13 19:41:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:35:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/30 13:20:28 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 14:13:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 19:41:55 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: FreeHDSport.TV = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\
CHR - Extension: YouTube = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: SpeedDial = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: Google Search = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Eat24 = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\
CHR - Extension: ActiveMail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\
CHR - Extension: Giant Savings = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\crossrider
CHR - Extension: Giant Savings = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\
CHR - Extension: Gmail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120630082835.dll (McAfee, Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll (215 Apps)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120630082835.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe (Rovi Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: sonic.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{352EC8A6-E339-4729-A8CE-0755E457841A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6DC8A3F-4BF5-436A-AD9F-5C570C3E1149}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 06:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/10/22 06:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/20 18:45:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
[2012/10/20 18:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstRowSportApp.com
[2012/10/17 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rovi
[2012/10/17 20:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Rovi
[2012/10/17 20:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovi
[2012/10/17 20:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovi
[2012/10/13 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/05 22:29:19 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/09/30 13:34:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/30 13:30:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/30 13:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/09/30 13:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/09/30 13:20:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Giant Savings
[2012/09/30 13:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings
[2012/09/30 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Babylon
[2012/09/30 13:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/09/30 13:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2012/09/30 11:42:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Malware Issues
[2012/09/30 11:37:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/29 10:26:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/29 10:26:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/29 10:26:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/29 10:24:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/29 10:23:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/22 22:10:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\SpeedyPC Software
[2012/09/22 22:10:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\DriverCure
[2012/09/22 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/09/22 22:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/09/22 22:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/22 22:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 06:18:40 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 06:18:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 06:17:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001UA.job
[2012/10/22 06:11:29 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2012/10/22 06:10:57 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/22 06:09:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 06:09:22 | 2078,769,151 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/21 18:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/21 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/10/21 16:17:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001Core.job
[2012/10/21 16:07:57 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable
[2012/10/20 18:45:06 | 000,001,141 | ---- | M] () -- C:\Users\Joe\Desktop\FirstRowSportApp.lnk
[2012/10/17 20:57:13 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Rovi Player.lnk
[2012/10/17 20:57:13 | 000,001,779 | ---- | M] () -- C:\Users\Joe\Documents\RES.lnk
[2012/10/17 20:55:52 | 000,000,024 | ---- | M] () -- C:\ProgramData\RNowSvc.ini
[2012/10/15 07:52:53 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2012/10/14 08:49:42 | 000,001,207 | ---- | M] () -- C:\Users\Joe\Desktop\SpeedyPC Pro.lnk
[2012/10/10 22:18:21 | 000,002,479 | ---- | M] () -- C:\Users\Joe\Desktop\Google Chrome.lnk
[2012/09/30 13:31:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2012/09/30 13:20:21 | 000,001,027 | ---- | M] () -- C:\Users\Joe\Desktop\Video Player.lnk
[2012/09/29 10:33:00 | 000,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Local\
[2012/09/22 22:28:52 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/09/22 22:28:52 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 16:07:57 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable
[2012/10/20 18:45:06 | 000,001,141 | ---- | C] () -- C:\Users\Joe\Desktop\FirstRowSportApp.lnk
[2012/10/17 20:57:13 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Rovi Player.lnk
[2012/10/17 20:57:13 | 000,001,779 | ---- | C] () -- C:\Users\Joe\Documents\RES.lnk
[2012/10/17 20:55:52 | 000,000,024 | ---- | C] () -- C:\ProgramData\RNowSvc.ini
[2012/10/15 07:52:54 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job
[2012/10/15 07:52:40 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2012/09/30 13:20:21 | 000,001,027 | ---- | C] () -- C:\Users\Joe\Desktop\Video Player.lnk
[2012/09/29 10:26:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/29 10:26:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/29 10:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/29 10:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/29 10:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/22 22:11:01 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/09/22 22:10:51 | 000,001,207 | ---- | C] () -- C:\Users\Joe\Desktop\SpeedyPC Pro.lnk
[2012/09/22 22:10:48 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/09/22 22:10:47 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/09/22 22:10:46 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/09/01 10:46:11 | 000,000,000 | ---- | C] () -- C:\Users\Joe\AppData\Local\
[2012/07/28 08:39:43 | 000,384,844 | ---- | C] () -- C:\Users\Joe\AppData\Local\funmoods-speeddial.crx
[2012/06/22 01:10:15 | 000,000,253 | -H-- | C] () -- C:\ProgramData\hpothb07.tif
[2012/06/22 01:10:15 | 000,000,164 | -H-- | C] () -- C:\ProgramData\hpothb07.dat
[2012/06/22 01:10:00 | 000,000,984 | ---- | C] () -- C:\ProgramData\QTSBandwidthCache
[2012/06/14 21:16:47 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/14 21:16:46 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/14 21:16:44 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/23 09:30:45 | 000,353,900 | ---- | C] () -- C:\Users\Joe\Recyclebank's Green Your Vacation Travel Checklist.pdf
[2011/02/10 12:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/30 13:20:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Babylon
[2012/06/22 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Canon
[2012/07/13 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Catalina Marketing Corp
[2012/09/22 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\DriverCure
[2012/06/20 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Fingertapps
[2012/06/22 06:02:05 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\LibreOffice
[2012/06/24 17:03:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PCDr
[2012/09/22 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SpeedyPC Software
[2012/07/15 10:37:20 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\*. /rp /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/14 19:51:55 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/07/07 15:02:49 | 000,000,848 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001Core.job
[2012/07/07 15:02:50 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001UA.job
[2012/09/22 22:10:46 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/09/22 22:10:47 | 000,000,460 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/09/22 22:10:48 | 000,000,512 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/09/22 22:11:01 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/10/15 07:52:40 | 000,000,328 | ---- | C] () -- C:\Windows\Tasks\ActiveMail Chrome Watcher.job
[2012/10/15 07:52:54 | 000,000,380 | ---- | C] () -- C:\Windows\Tasks\ActiveMail Updater.job

OTL log part 2

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/10/13 19:41:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/14 21:15:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/14 21:15:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/14 21:15:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/10/13 19:41:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/06/14 21:15:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/06/14 21:15:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/06/14 21:15:49 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/10/21 10:48:43 | 000,162,034 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/10/21 16:21:46 | 000,000,005 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/10/21 16:21:45 | 000,006,311 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Local State
[2012/10/21 15:14:05 | 008,095,360 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/10/21 15:14:06 | 002,112,987 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/10/21 15:14:34 | 000,006,144 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/10/21 15:14:34 | 000,004,640 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/10/21 15:14:06 | 000,134,408 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/10/21 15:14:05 | 000,936,492 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/10/21 15:14:06 | 000,019,772 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/07/28 10:44:29 | 000,000,055 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Service State
[2012/10/21 15:53:30 | 000,057,344 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/10/21 15:53:30 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2012/07/07 15:04:22 | 000,000,757 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/07/07 15:04:22 | 000,000,757 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/10/21 16:21:46 | 000,069,632 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/10/21 16:21:46 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/10/21 16:21:46 | 000,022,491 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/10/21 16:21:45 | 000,011,979 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/10/21 16:21:46 | 000,006,144 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/10/21 16:21:46 | 000,004,640 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
[2012/10/21 16:21:41 | 000,106,496 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/10/21 16:21:41 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/10/21 16:21:46 | 000,147,456 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History
[2012/10/20 17:36:13 | 000,036,864 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07
[2012/10/20 17:36:13 | 000,036,864 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-08
[2012/10/20 17:36:13 | 000,036,864 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-09
[2012/10/21 16:21:41 | 000,143,360 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-10
[2012/10/21 16:21:41 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-10-journal
[2012/10/21 16:21:45 | 000,033,084 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/10/21 16:21:46 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/10/21 15:53:30 | 000,119,340 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/10/21 15:53:27 | 000,036,586 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/10/21 16:21:30 | 000,012,288 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/10/21 16:21:30 | 000,008,736 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
[2012/10/21 16:21:40 | 000,000,008 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings
[2012/10/21 15:51:17 | 000,091,136 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/10/21 15:51:18 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/10/21 16:21:46 | 000,109,796 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/10/21 16:21:46 | 000,013,312 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/10/21 16:21:46 | 000,008,768 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
[2012/07/07 15:04:38 | 000,000,180 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\README
[2012/10/21 12:05:22 | 000,020,480 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/10/21 12:05:22 | 000,012,824 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2012/10/21 12:42:54 | 000,049,152 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/10/21 12:42:54 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2012/10/21 15:53:29 | 000,000,280 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2012/10/21 16:21:46 | 000,131,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/10/21 16:21:31 | 000,090,112 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/10/21 16:21:31 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/10/06 10:12:55 | 000,007,168 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/10/06 10:12:55 | 000,005,672 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal
[2012/10/21 16:21:33 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\1
[2012/10/21 10:43:44 | 000,263,168 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\2
[2012/10/06 21:38:17 | 000,000,196 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\000038.sst
[2012/10/21 10:42:37 | 000,000,292 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\000044.sst
[2012/10/21 15:51:15 | 000,000,196 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\000047.sst
[2012/10/21 16:21:30 | 000,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\000050.log
[2012/10/21 16:21:30 | 000,000,016 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
[2012/08/09 20:28:18 | 000,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK
[2012/10/21 16:21:30 | 000,000,704 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000049
[2012/10/21 10:42:39 | 000,001,018 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\manifest.json
[2012/10/21 10:42:39 | 000,000,152 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\html\background.html
[2012/10/21 10:42:39 | 000,000,708 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\images\icon.16.png
[2012/10/21 10:42:39 | 000,003,326 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\images\icon.48.png
[2012/10/21 10:42:39 | 000,003,682 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\js\background.js
[2012/10/21 10:42:39 | 000,001,797 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\js\ex.js
[2012/10/21 10:42:39 | 000,093,868 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\js\jquery.js
[2012/07/07 15:04:21 | 000,003,524 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\128.png
[2012/07/07 15:04:21 | 000,000,745 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\manifest.json
[2012/07/07 15:04:21 | 000,000,401 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar\messages.json
[2012/07/07 15:04:21 | 000,000,427 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg\messages.json
[2012/07/07 15:04:21 | 000,000,250 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca\messages.json
[2012/07/07 15:04:21 | 000,000,255 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs\messages.json
[2012/07/07 15:04:21 | 000,000,242 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da\messages.json
[2012/07/07 15:04:21 | 000,000,226 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de\messages.json
[2012/07/07 15:04:21 | 000,000,475 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el\messages.json
[2012/07/07 15:04:21 | 000,000,227 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en\messages.json
[2012/07/07 15:04:21 | 000,000,240 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es\messages.json
[2012/07/07 15:04:21 | 000,000,222 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi\messages.json
[2012/07/07 15:04:21 | 000,000,236 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil\messages.json
[2012/07/07 15:04:21 | 000,000,249 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr\messages.json
[2012/07/07 15:04:21 | 000,000,419 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he\messages.json
[2012/07/07 15:04:21 | 000,000,408 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi\messages.json
[2012/07/07 15:04:21 | 000,000,220 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr\messages.json
[2012/07/07 15:04:21 | 000,000,253 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu\messages.json
[2012/07/07 15:04:21 | 000,000,231 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id\messages.json
[2012/07/07 15:04:21 | 000,000,224 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it\messages.json
[2012/07/07 15:04:21 | 000,000,349 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja\messages.json
[2012/07/07 15:04:21 | 000,000,323 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko\messages.json
[2012/07/07 15:04:21 | 000,000,266 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt\messages.json
[2012/07/07 15:04:21 | 000,000,245 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv\messages.json
[2012/07/07 15:04:21 | 000,000,225 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl\messages.json
[2012/07/07 15:04:21 | 000,000,216 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no\messages.json
[2012/07/07 15:04:21 | 000,000,274 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl\messages.json
[2012/07/07 15:04:21 | 000,000,237 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR\messages.json
[2012/07/07 15:04:21 | 000,000,236 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT\messages.json
[2012/07/07 15:04:21 | 000,000,248 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro\messages.json
[2012/07/07 15:04:21 | 000,000,394 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru\messages.json
[2012/07/07 15:04:21 | 000,000,241 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk\messages.json
[2012/07/07 15:04:21 | 000,000,245 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl\messages.json
[2012/07/07 15:04:21 | 000,000,437 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr\messages.json
[2012/07/07 15:04:21 | 000,000,238 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv\messages.json
[2012/07/07 15:04:21 | 000,000,365 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th\messages.json
[2012/07/07 15:04:21 | 000,000,255 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr\messages.json
[2012/07/07 15:04:21 | 000,000,442 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk\messages.json
[2012/07/07 15:04:21 | 000,000,310 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi\messages.json
[2012/07/07 15:04:21 | 000,000,257 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN\messages.json
[2012/07/07 15:04:21 | 000,000,269 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW\messages.json
[2012/07/28 10:21:21 | 000,005,261 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\apps.js
[2012/07/28 10:21:21 | 000,000,127 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\background.html
[2012/07/28 10:21:21 | 000,008,836 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\bgscript.js
[2012/07/28 10:21:21 | 000,000,148 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\content_script.js
[2012/07/28 10:21:21 | 000,053,105 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\dialdialog.js
[2012/07/28 10:21:21 | 000,001,038 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\faq.css
[2012/07/28 10:21:21 | 000,003,316 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\faq.html
[2012/07/28 10:21:22 | 000,001,124 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\manifest.json
[2012/07/28 10:21:21 | 000,001,410 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\popup.html
[2012/07/28 10:21:21 | 000,050,258 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\script.js
[2012/07/28 10:21:21 | 000,009,059 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\speeddial.html
[2012/07/28 10:21:21 | 000,022,390 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\style.css
[2012/07/28 10:21:21 | 000,007,162 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\tree.js
[2012/07/28 10:21:21 | 000,009,028 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\tween.js
[2012/07/28 10:21:21 | 000,000,100 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\tango\credits.txt
[2012/07/28 10:21:21 | 000,005,746 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\tango\skin.css
[2012/07/28 10:21:21 | 000,023,475 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\jquery-ui-1.8rc3.custom.css
[2012/07/28 10:21:21 | 000,004,334 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\fg.menu.css
[2012/07/28 10:21:21 | 000,000,719 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.accordion.css
[2012/07/28 10:21:21 | 000,000,049 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.all.css
[2012/07/28 10:21:21 | 000,000,261 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.base.css
[2012/07/28 10:21:21 | 000,001,388 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.core.css
[2012/07/28 10:21:21 | 000,003,997 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.datepicker.css
[2012/07/28 10:21:21 | 000,001,166 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.dialog.css
[2012/07/28 10:21:21 | 000,000,172 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.progressbar.css
[2012/07/28 10:21:21 | 000,001,005 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.resizable.css
[2012/07/28 10:21:21 | 000,000,945 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.slider.css
[2012/07/28 10:21:21 | 000,000,598 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.tabs.css
[2012/07/28 10:21:21 | 000,016,980 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\ui.theme.css
[2012/07/28 10:21:21 | 000,000,157 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_diagonals-small_100_f0efea_40x40.png
[2012/07/28 10:21:21 | 000,000,180 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_flat_35_f0f0f0_40x100.png
[2012/07/28 10:21:21 | 000,000,127 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_glass_55_fcf0ba_1x400.png
[2012/07/28 10:21:21 | 000,049,306 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_glow-ball_25_2e2e28_600x600.png
[2012/07/28 10:21:21 | 000,000,114 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_highlight-soft_100_f0efea_1x100.png
[2012/07/28 10:21:21 | 000,000,121 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_highlight-soft_25_327E04_1x100.png
[2012/07/28 10:21:21 | 000,000,123 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_highlight-soft_25_5A9D1A_1x100.png
[2012/07/28 10:21:21 | 000,000,130 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_highlight-soft_95_ffedad_1x100.png
[2012/07/28 10:21:21 | 000,000,161 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-bg_inset-soft_22_3b3b35_1x100.png
[2012/07/28 10:21:21 | 000,004,379 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-icons_808080_256x240.png
[2012/07/28 10:21:21 | 000,004,379 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-icons_8DC262_256x240.png
[2012/07/28 10:21:21 | 000,004,379 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-icons_cd0a0a_256x240.png
[2012/07/28 10:21:21 | 000,005,399 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-icons_e7e6e4_256x240.png
[2012/07/28 10:21:21 | 000,004,379 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-icons_eeeeee_256x240.png
[2012/07/28 10:21:21 | 000,004,379 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\css\ui-lightness\menu\theme\images\ui-icons_ffffff_256x240.png
[2012/07/28 10:21:22 | 000,006,071 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\icons\128.png
[2012/07/28 10:21:21 | 000,000,700 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\icons\16.png
[2012/07/28 10:21:21 | 000,003,559 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\icons\19.png
[2012/07/28 10:21:22 | 000,001,574 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\icons\32.png
[2012/07/28 10:21:22 | 000,002,682 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\icons\48.png
[2012/07/28 10:21:21 | 000,000,570 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\arrow_left.png
[2012/07/28 10:21:21 | 000,000,570 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\arrow_right.png
[2012/07/28 10:21:21 | 000,000,278 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\blank.png
[2012/07/28 10:21:21 | 000,003,616 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\bookmarkIcon.png
[2012/07/28 10:21:21 | 000,004,026 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\bookmarkIconOver.png
[2012/07/28 10:21:21 | 000,011,945 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\empty_preview.png
[2012/07/28 10:21:21 | 000,012,607 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\facebook.gif
[2012/07/28 10:21:21 | 000,000,400 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\fm_submit_btn.png
[2012/07/28 10:21:21 | 000,000,156 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\fm_topbar.gif
[2012/07/28 10:21:21 | 000,003,326 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\folder.png
[2012/07/28 10:21:21 | 000,002,874 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\menuItemBG.png
[2012/07/28 10:21:21 | 000,002,854 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\menuItemBGOver.png
[2012/07/28 10:21:21 | 000,002,957 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\panelBG.png
[2012/07/28 10:21:21 | 000,001,827 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\search-butt-h32px.png
[2012/07/28 10:21:21 | 000,001,827 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\search-butt-h32px.png.png
[2012/07/28 10:21:21 | 000,002,801 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\separator.png
[2012/07/28 10:21:21 | 000,000,351 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\settings2.png
[2012/07/28 10:21:21 | 000,016,675 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\themes.png
[2012/07/28 10:21:21 | 000,003,752 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\thumbnailFooter.png
[2012/07/28 10:21:21 | 000,001,147 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\tick-checked.png
[2012/07/28 10:21:21 | 000,003,002 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\topGradiant.png
[2012/07/28 10:21:21 | 000,000,280 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\topnav_bg.gif
[2012/07/28 10:21:21 | 000,002,826 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\tree-minus.png
[2012/07/28 10:21:21 | 000,002,838 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\tree-plus.png
[2012/07/28 10:21:21 | 000,016,920 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\images\youtube.png
[2012/07/28 10:21:21 | 000,024,475 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\jquery\fg.menu.js
[2012/07/28 10:21:21 | 000,072,328 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\jquery\jquery-1.4.2.min.js
[2012/07/28 10:21:21 | 000,093,870 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\jquery\jquery-1.7.1.min.js
[2012/07/28 10:21:21 | 000,038,840 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\jquery\jquery-ui-1.8rc3.custom.min.js
[2012/07/28 10:21:21 | 000,201,856 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\jquery\jquery-ui.min.js
[2012/07/28 10:21:21 | 000,015,664 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\jquery\jquery.jcarousel.min.js
[2012/07/07 15:04:21 | 000,005,369 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\128.png
[2012/07/07 15:04:21 | 000,000,496 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\16.png
[2012/07/07 15:04:21 | 000,001,143 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\32.png
[2012/07/07 15:04:21 | 000,001,858 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\48.png
[2012/07/07 15:04:21 | 000,000,790 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\manifest.json
[2012/07/07 15:04:21 | 000,000,423 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar\messages.json
[2012/07/07 15:04:21 | 000,000,515 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg\messages.json
[2012/07/07 15:04:21 | 000,000,330 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca\messages.json
[2012/07/07 15:04:21 | 000,000,355 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs\messages.json
[2012/07/07 15:04:21 | 000,000,328 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da\messages.json
[2012/07/07 15:04:21 | 000,000,307 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de\messages.json
[2012/07/07 15:04:21 | 000,000,569 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el\messages.json
[2012/07/07 15:04:21 | 000,000,314 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en\messages.json
[2012/07/07 15:04:21 | 000,000,314 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB\messages.json
[2012/07/07 15:04:21 | 000,000,314 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US\messages.json
[2012/07/07 15:04:21 | 000,000,340 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es\messages.json
[2012/07/07 15:04:21 | 000,000,341 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419\messages.json
[2012/07/07 15:04:21 | 000,000,314 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et\messages.json
[2012/07/07 15:04:21 | 000,000,305 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi\messages.json
[2012/07/07 15:04:21 | 000,000,337 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil\messages.json
[2012/07/07 15:04:21 | 000,000,329 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr\messages.json
[2012/07/07 15:04:21 | 000,000,471 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he\messages.json
[2012/07/07 15:04:21 | 000,000,326 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi\messages.json
[2012/07/07 15:04:21 | 000,000,340 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr\messages.json
[2012/07/07 15:04:21 | 000,000,336 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu\messages.json
[2012/07/07 15:04:21 | 000,000,319 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id\messages.json
[2012/07/07 15:04:21 | 000,000,324 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it\messages.json
[2012/07/07 15:04:21 | 000,000,388 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja\messages.json
[2012/07/07 15:04:21 | 000,000,380 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko\messages.json
[2012/07/07 15:04:21 | 000,000,359 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt\messages.json
[2012/07/07 15:04:21 | 000,000,360 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv\messages.json
[2012/07/07 15:04:21 | 000,000,323 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl\messages.json
[2012/07/07 15:04:21 | 000,000,300 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no\messages.json
[2012/07/07 15:04:21 | 000,000,336 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl\messages.json
[2012/07/07 15:04:21 | 000,000,332 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR\messages.json
[2012/07/07 15:04:21 | 000,000,331 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT\messages.json
[2012/07/07 15:04:21 | 000,000,332 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro\messages.json
[2012/07/07 15:04:21 | 000,000,471 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru\messages.json
[2012/07/07 15:04:21 | 000,000,338 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk\messages.json
[2012/07/07 15:04:21 | 000,000,329 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl\messages.json
[2012/07/07 15:04:21 | 000,000,483 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr\messages.json
[2012/07/07 15:04:21 | 000,000,333 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv\messages.json
[2012/07/07 15:04:21 | 000,000,472 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th\messages.json
[2012/07/07 15:04:21 | 000,000,330 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr\messages.json
[2012/07/07 15:04:21 | 000,000,501 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk\messages.json
[2012/07/07 15:04:21 | 000,000,363 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi\messages.json
[2012/07/07 15:04:21 | 000,000,346 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN\messages.json
[2012/07/07 15:04:21 | 000,000,346 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW\messages.json
[2012/10/06 10:12:55 | 000,000,931 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\manifest.json
[2012/10/06 10:12:55 | 000,001,629 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\popup.html
[2012/10/06 10:12:55 | 000,001,310 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\style.css
[2012/10/06 10:12:55 | 000,011,812 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\app.png
[2012/10/06 10:12:55 | 000,001,151 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\arrow.png
[2012/10/06 10:12:55 | 000,001,120 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\arrow_next.png
[2012/10/06 10:12:55 | 000,003,324 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\backgound.png
[2012/10/06 10:12:55 | 000,002,229 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\background_05.png
[2012/10/06 10:12:55 | 000,001,261 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\Favicon.png
[2012/10/06 10:12:55 | 000,001,215 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\favicon_alert.png
[2012/10/06 10:12:55 | 000,001,564 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_alert.png
[2012/10/06 10:12:55 | 000,003,123 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_cart.png
[2012/10/06 10:12:55 | 000,001,336 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_chat.png
[2012/10/06 10:12:55 | 000,003,097 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_heart.png
[2012/10/06 10:12:55 | 000,001,402 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_message.png
[2012/10/06 10:12:55 | 000,001,559 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_message_new.png
[2012/10/06 10:12:55 | 000,001,191 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\icon_note.png
[2012/10/06 10:12:55 | 000,010,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\images\logo_eat24.png
[2012/10/06 10:12:55 | 000,001,685 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\js\background.js
[2012/10/06 10:12:55 | 000,000,343 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\js\inject.js
[2012/10/06 10:12:55 | 000,094,840 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\js\jquery-1.7.2.min.js
[2012/10/06 10:12:55 | 000,000,577 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\js\popup.js
[2012/10/20 18:36:31 | 000,012,837 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\activeBar.js
[2012/10/20 18:36:31 | 000,022,118 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\activeFrame.js
[2012/10/20 18:36:31 | 000,016,145 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\activeLinkFilters.js
[2012/10/20 18:36:31 | 000,010,507 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\amazon.js
[2012/10/20 18:36:31 | 000,003,598 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\analytics.js
[2012/10/20 18:36:31 | 000,005,646 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\appLauncher.js
[2012/10/20 18:36:31 | 000,005,455 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\appObjects.js
[2012/10/20 18:36:31 | 000,010,029 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\appointer.js
[2012/10/20 18:36:31 | 000,012,334 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\appointerLauncher.js
[2012/10/20 18:36:31 | 000,004,290 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\appsServices.js
[2012/10/20 18:36:31 | 000,000,840 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\background.html
[2012/10/20 18:36:31 | 000,012,517 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\background.js
[2012/10/20 18:36:31 | 000,002,782 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\common.js
[2012/10/20 18:36:31 | 000,014,583 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\composer.js
[2012/10/20 18:36:31 | 000,001,497 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\config.js
[2012/10/20 18:36:31 | 000,053,312 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\dkim.js
[2012/10/20 18:36:31 | 000,007,406 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\dkim_global.js
[2012/10/20 18:36:32 | 000,039,717 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\encLib.js
[2012/10/20 18:36:32 | 000,008,433 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\global.js
[2012/10/20 18:36:32 | 000,000,180 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\guid.js
[2012/10/20 18:36:32 | 000,096,933 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\jqueryAP.min.js
[2012/10/20 18:36:32 | 000,011,996 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\linkLauncher.js
[2012/10/20 18:36:32 | 000,001,330 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\manifest.json
[2012/10/20 18:36:32 | 000,003,309 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\options.html
[2012/10/20 18:36:32 | 000,002,922 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\options.js
[2012/10/20 18:36:32 | 000,002,085 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\overlay.js
[2012/10/20 18:36:32 | 000,009,610 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\sendersList.js
[2012/10/20 18:36:32 | 000,008,087 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\stats.js
[2012/10/20 18:36:32 | 000,011,925 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\util.js
[2012/10/20 18:36:32 | 000,018,508 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\webObjects.js
[2012/10/20 18:36:32 | 000,015,293 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\images\activepath_128.png
[2012/10/20 18:36:32 | 000,000,819 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\images\activepath_16.png
[2012/10/20 18:36:32 | 000,002,566 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\images\activepath_32.png
[2012/10/20 18:36:32 | 000,004,279 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmbjhlidpnohinigphldbcffhikcill\5.8.19_0\images\activepath_48.png
[2012/10/20 18:36:34 | 000,000,954 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\background.html
[2012/10/20 18:36:34 | 000,000,367 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\crossriderManifest.json
[2012/10/20 18:36:34 | 000,001,137 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\manifest.json
[2012/10/20 18:36:34 | 000,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\popup.html
[2012/10/20 18:36:34 | 000,003,942 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\icons\icon128.png
[2012/10/20 18:36:34 | 000,000,720 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\icons\icon16.png
[2012/10/20 18:36:34 | 000,004,146 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\icons\icon48.png
[2012/10/20 18:36:34 | 000,001,223 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\icons\actions\1.png
[2012/10/20 18:36:34 | 000,037,480 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\background.js
[2012/10/20 18:36:34 | 000,008,965 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\api\chrome.js
[2012/10/20 18:36:34 | 000,010,407 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\api\cookie.js
[2012/10/20 18:36:34 | 000,002,296 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\api\message.js
[2012/10/20 18:36:34 | 000,004,735 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\app_api.js
[2012/10/20 18:36:34 | 000,002,559 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\async_api.js
[2012/10/20 18:36:34 | 000,003,970 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\bg_app_api.js
[2012/10/20 18:36:34 | 000,004,446 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\cookie_store.js
[2012/10/20 18:36:34 | 000,005,794 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\data_store.js
[2012/10/20 18:36:34 | 000,001,632 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\delegate.js
[2012/10/20 18:36:34 | 000,003,876 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\events.js
[2012/10/20 18:36:34 | 000,000,837 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\onBGDocumentLoad.js
[2012/10/20 18:36:34 | 000,002,769 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\reports.js
[2012/10/20 18:36:34 | 000,003,231 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\js\lib\util.js
[2012/07/07 15:04:23 | 000,005,920 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png
[2012/07/07 15:04:23 | 000,000,755 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\manifest.json
[2012/07/07 15:04:23 | 000,000,556 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\messages.json
[2012/07/07 15:04:23 | 000,000,492 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\messages.json
[2012/07/07 15:04:23 | 000,000,262 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\messages.json
[2012/07/07 15:04:23 | 000,000,289 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\messages.json
[2012/07/07 15:04:23 | 000,000,240 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\messages.json
[2012/07/07 15:04:23 | 000,000,239 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de\messages.json
[2012/07/07 15:04:23 | 000,000,624 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el\messages.json
[2012/07/07 15:04:23 | 000,000,215 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en\messages.json
[2012/07/07 15:04:23 | 000,000,281 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es\messages.json
[2012/07/07 15:04:23 | 000,000,284 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi\messages.json
[2012/07/07 15:04:23 | 000,000,234 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil\messages.json
[2012/07/07 15:04:23 | 000,000,272 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr\messages.json
[2012/07/07 15:04:23 | 000,000,391 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi\messages.json
[2012/07/07 15:04:23 | 000,000,246 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr\messages.json
[2012/07/07 15:04:23 | 000,000,234 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu\messages.json
[2012/07/07 15:04:23 | 000,000,242 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id\messages.json
[2012/07/07 15:04:23 | 000,000,260 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it\messages.json
[2012/07/07 15:04:23 | 000,000,364 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja\messages.json
[2012/07/07 15:04:23 | 000,000,328 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko\messages.json
[2012/07/07 15:04:23 | 000,000,269 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt\messages.json
[2012/07/07 15:04:23 | 000,000,262 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv\messages.json
[2012/07/07 15:04:23 | 000,000,232 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl\messages.json
[2012/07/07 15:04:21 | 000,000,210 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no\messages.json
[2012/07/07 15:04:23 | 000,000,292 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl\messages.json
[2012/07/07 15:04:23 | 000,000,230 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR\messages.json
[2012/07/07 15:04:23 | 000,000,231 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT\messages.json
[2012/07/07 15:04:23 | 000,000,281 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro\messages.json
[2012/07/07 15:04:23 | 000,000,482 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru\messages.json
[2012/07/07 15:04:21 | 000,000,210 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se\messages.json
[2012/07/07 15:04:23 | 000,000,238 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk\messages.json
[2012/07/07 15:04:23 | 000,000,249 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl\messages.json
[2012/07/07 15:04:23 | 000,000,511 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr\messages.json
[2012/07/07 15:04:23 | 000,000,471 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th\messages.json
[2012/07/07 15:04:23 | 000,000,250 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr\messages.json
[2012/07/07 15:04:23 | 000,000,536 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk\messages.json
[2012/07/07 15:04:23 | 000,000,257 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi\messages.json
[2012/07/07 15:04:23 | 000,000,339 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN\messages.json
[2012/07/07 15:04:23 | 000,000,321 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW\messages.json
[3 C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[2 C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2012/10/21 16:21:32 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgnnidmnbdkmhfkjgdnngciimpdgohok_0.localstorage
[2012/10/21 16:21:32 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgnnidmnbdkmhfkjgdnngciimpdgohok_0.localstorage-journal
[2012/10/21 16:21:40 | 000,075,776 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
[2012/10/21 16:21:41 | 000,009,800 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage-journal
[2012/10/21 16:21:46 | 000,321,536 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmbjhlidpnohinigphldbcffhikcill_0.localstorage
[2012/10/21 16:21:46 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmbjhlidpnohinigphldbcffhikcill_0.localstorage-journal
[2012/10/21 10:43:45 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage
[2012/10/21 10:43:45 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0.localstorage-journal
[2012/07/15 19:22:39 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage
[2012/07/15 19:22:40 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage-journal
[2012/07/28 13:46:20 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage
[2012/07/28 13:46:20 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage-journal
[2012/10/20 18:43:56 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.yieldmanager.com_0.localstorage
[2012/10/20 18:43:56 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.yieldmanager.com_0.localstorage-journal
[2012/07/28 10:49:14 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
[2012/07/28 10:49:14 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal
[2012/07/28 13:49:06 | 000,329,728 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.meebo.com_0.localstorage
[2012/07/28 13:49:07 | 000,016,384 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.meebo.com_0.localstorage-journal
[2012/08/11 22:02:40 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nbcolympics.com_0.localstorage
[2012/08/11 22:02:40 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nbcolympics.com_0.localstorage-journal
[2012/07/28 10:53:42 | 000,003,072 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2012/07/28 10:53:42 | 000,003,608 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage-journal
[2012/09/06 21:36:10 | 000,000,151 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\381814F6F5270FFBB27E244D6138BC023AF911D5.heu
[2012/09/06 21:36:10 | 000,157,002 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\381814F6F5270FFBB27E244D6138BC023AF911D5.swz
[2012/09/06 21:36:14 | 000,000,151 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\5270C4CDF61AB3F586B06B3D5F3E87624A1D7223.heu
[2012/09/06 21:36:14 | 000,322,038 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\5270C4CDF61AB3F586B06B3D5F3E87624A1D7223.swz
[2012/09/06 21:36:13 | 000,000,151 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\7899EDF6A90C42AAB967D1695CF634953C3CDC0A.heu
[2012/09/06 21:36:13 | 000,054,418 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\7899EDF6A90C42AAB967D1695CF634953C3CDC0A.swz
[2012/09/06 21:36:10 | 000,000,151 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\8165D3AF89956F505BBF7B18667E0B2CCB9EC367.heu
[2012/09/06 21:36:10 | 000,325,307 | ---- | M] () -- C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\2FJSA2PV\8165D3AF89956F505BBF7B18667E0B2CCB9EC367.swz

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#5 SweetTech


Posted 22 October 2012 - 03:52 PM

Hi!

Do you happen to have the Extras.txt log file? I'm still in the process of reviewing your latest logs.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 SweetTech


Posted 22 October 2012 - 04:19 PM

Hi BostonRed!

Not a problem! I'm glad to be of assistance. :)

We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
      • Babylon toolbar
      • Bing Bar <== If you don't use it, then I suggest removing it.
      • eBay <== If you don't use it, then I suggest removing it.
      • Giant Savings
      • iLivid
      • SpeedyPC Pro
      • WildTangent Games <== If you don't use it, then I suggest removing it.
      • WildTangent Games App (Dell Games) <== If you don't use it, then I suggest removing it.


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
    IE:64bit: - HKLM\..\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
    IE - HKLM\..\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
    IE - HKLM\..\SearchScopes\{65350360-E59D-AFFA-C418-187B3C1EBCBF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7
    IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110790&tt=300912_IKAN_3912_1&babsrc=SP_ss&mntrId=7c10720b00000000000008edb938d0c7
    IE - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
    [2012/10/20 18:45:09 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\freehdsport@freehdsport.tv.xpi
    [2012/09/22 21:40:19 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2012/09/30 13:20:28 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Giant Savings) - {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll (215 Apps)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O15 - HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\..Trusted Domains: localhost ([]* in Local intranet)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/09/30 13:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
    [2012/09/30 13:20:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Giant Savings
    [2012/09/30 13:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings
    [2012/09/30 13:20:22 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Babylon
    [2012/09/30 13:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/09/22 22:10:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\SpeedyPC Software
    [2012/09/22 22:10:57 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\DriverCure
    [2012/09/22 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    [2012/09/22 22:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/09/22 22:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/09/22 22:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    [2012/10/22 06:10:57 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/10/21 18:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/10/14 08:49:42 | 000,001,207 | ---- | M] () -- C:\Users\Joe\Desktop\SpeedyPC Pro.lnk
    [2012/09/29 10:33:00 | 000,000,000 | ---- | M] () -- C:\Users\Joe\AppData\Local\
    [2012/09/22 22:28:52 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/09/22 22:28:52 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/09/22 22:11:01 | 000,000,488 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/09/22 22:10:51 | 000,001,207 | ---- | C] () -- C:\Users\Joe\Desktop\SpeedyPC Pro.lnk
    [2012/09/22 22:10:48 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/09/22 22:10:47 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/09/22 22:10:46 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/09/01 10:46:11 | 000,000,000 | ---- | C] () -- C:\Users\Joe\AppData\Local\
    [2012/07/28 08:39:43 | 000,384,844 | ---- | C] () -- C:\Users\Joe\AppData\Local\funmoods-speeddial.crx
    [2012/09/30 13:20:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Babylon
    [2012/09/22 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\DriverCure
    [2012/09/22 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SpeedyPC Software
    [2012/09/22 22:10:46 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Pro.job
    [2012/09/22 22:10:47 | 000,000,460 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
    [2012/09/22 22:10:48 | 000,000,512 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/09/22 22:11:01 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#7 BostonRed


Posted 22 October 2012 - 07:11 PM

Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you. >>> I don't see anything that would create an Extras.txt & I can't find anything on the hard drive.
2. OTL fix log file. >>> Attached below.
3. ComboFix.txt log file. >>> Attached below.
4. An update on how your computer is currently running. >>> Everything is working fine.

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{250800EF-4AE2-46F8-912F-A310C8440F88}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{250800EF-4AE2-46F8-912F-A310C8440F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65350360-E59D-AFFA-C418-187B3C1EBCBF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65350360-E59D-AFFA-C418-187B3C1EBCBF}\ not found.
HKU\S-1-5-21-3344054911-1990580800-3100181164-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3344054911-1990580800-3100181164-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3344054911-1990580800-3100181164-1001\Software\Microsoft\Internet Explorer\SearchScopes\{250800EF-4AE2-46F8-912F-A310C8440F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{250800EF-4AE2-46F8-912F-A310C8440F88}\ not found.
C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\freehdsport@freehdsport.tv.xpi moved successfully.
C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}\ not found.
File C:\Program Files (x86)\Giant Savings\Giant Savings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3344054911-1990580800-3100181164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Program Files (x86)\BabylonToolbar\ not found.
Folder C:\Users\Joe\AppData\Local\Giant Savings\ not found.
Folder C:\Program Files (x86)\Giant Savings\ not found.
C:\Users\Joe\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Joe\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Joe\AppData\Roaming\SpeedyPC Software folder moved successfully.
C:\Users\Joe\AppData\Roaming\DriverCure folder moved successfully.
Folder C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software\ not found.
Folder C:\Program Files (x86)\Common Files\SpeedyPC Software\ not found.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
Folder C:\Program Files (x86)\SpeedyPC Software\ not found.
File C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job not found.
File C:\Windows\tasks\SpeedyPC Registration3.job not found.
File C:\Users\Joe\Desktop\SpeedyPC Pro.lnk not found.
C:\Users\Joe\AppData\Local\ moved successfully.
File C:\Windows\tasks\SpeedyPC Update Version3.job not found.
File C:\Windows\tasks\SpeedyPC Pro.job not found.
File C:\Windows\tasks\SpeedyPC Registration3.job not found.
File C:\Users\Joe\Desktop\SpeedyPC Pro.lnk not found.
File C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job not found.
File C:\Windows\tasks\SpeedyPC Update Version3.job not found.
File C:\Windows\tasks\SpeedyPC Pro.job not found.
File C:\Users\Joe\AppData\Local\ not found.
C:\Users\Joe\AppData\Local\funmoods-speeddial.crx moved successfully.
Folder C:\Users\Joe\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Joe\AppData\Roaming\DriverCure\ not found.
Folder C:\Users\Joe\AppData\Roaming\SpeedyPC Software\ not found.
File C:\Windows\Tasks\SpeedyPC Pro.job not found.
File C:\Windows\Tasks\SpeedyPC Update Version3.job not found.
File C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job not found.
File C:\Windows\Tasks\SpeedyPC Registration3.job not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Joe\Downloads\cmd.bat deleted successfully.
C:\Users\Joe\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joe\Downloads\cmd.bat deleted successfully.
C:\Users\Joe\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes

User: Joe
->Temp folder emptied: 86934359 bytes
->Temporary Internet Files folder emptied: 157764061 bytes
->Java cache emptied: 1579010 bytes
->FireFox cache emptied: 603329794 bytes
->Google Chrome cache emptied: 14728208 bytes
->Flash cache emptied: 49303 bytes

User: Joseph Goss
->Temp folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3613098 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2949596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 38193 bytes

Total Files Cleaned = 831.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS

User: Joe
->Flash cache emptied: 0 bytes

User: Joseph Goss

User: Owner

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default

User: Default User

User: Default User.WINDOWS

User: Joe
->Java cache emptied: 0 bytes

User: Joseph Goss

User: Owner

User: Public

User: TEMP

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10222012_194406

Files\Folders moved on Reboot...
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ComboFix 12-10-22.02 - Joe 10/22/2012 20:01:17.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.6266 [GMT -4:00]
Running from: c:\users\Joe\Documents\My Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 00:06 . 2012-10-23 00:06 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-23 00:06 . 2012-10-23 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 22:45 . 2012-10-20 22:45 -------- d-----w- c:\program files (x86)\FirstRowSportApp.com
2012-10-20 15:14 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\programdata\Rovi
2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\program files (x86)\Rovi
2012-10-10 10:14 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:14 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 10:14 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 10:14 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 10:14 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:14 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:14 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 10:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 10:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-06 02:29 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-30 17:30 . 2012-09-30 17:30 -------- d-----w- C:\_OTL
2012-09-30 17:20 . 2012-10-15 11:52 -------- d-----w- c:\programdata\ActivePath
2012-09-30 17:20 . 2012-09-30 17:20 -------- d-----w- c:\program files (x86)\FLVPlayer
2012-09-26 09:49 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 10:52 . 2012-06-25 10:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:39 . 2012-06-14 23:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 10:39 . 2012-06-14 23:51 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 23:54 . 2012-07-07 19:46 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 12:16 . 2012-07-15 20:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 12:16 . 2012-07-15 20:46 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 11:15 . 2012-09-22 13:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 13:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 13:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 13:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 13:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 13:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 13:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 13:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 13:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 13:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 13:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 13:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 13:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 13:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 13:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 13:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 13:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 13:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 13:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 13:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 13:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 10:18 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 10:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 10:18 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 10:18 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 10:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 10:18 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 10:18 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 01:57 . 2012-07-25 01:57 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2012-07-25 01:57 . 2012-07-25 01:57 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-17 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"RoxioNowMediaManagerApp"="c:\program files (x86)\Rovi\Rovi Player\RNowShell.exe" [2012-09-07 3866936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-21 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RNow Service;RNow Service;c:\program files (x86)\Rovi\Rovi Player\RNowSvc.exe [2012-09-07 175928]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-10-14 16:43]
.
2012-10-22 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-10-14 16:43]
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 10:39]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 19:02]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Easy-WebPrint Add To Print List - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.soccerbyives.net/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-14 13:21; activemail@activepath.com; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\activemail@activepath.com
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315&q=
FF - user.js: extensions.funmoods.id - D4BED9CD3972720B
FF - user.js: extensions.funmoods.instlDay - 15549
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7c10720b00000000000008edb938d0c7&q=
FF - user.js: extensions.BabylonToolbar.id - 7c10720b00000000000008edb938d0c7
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15613
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.713:20
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-22 20:08:35
ComboFix-quarantined-files.txt 2012-10-23 00:08
ComboFix2.txt 2012-09-30 15:37
ComboFix3.txt 2012-09-29 14:37
.
Pre-Run: 927,184,990,208 bytes free
Post-Run: 926,727,180,288 bytes free
.
- - End Of File - - 2598C448608D6C84F6FB0181C4B9CEA9

#8 SweetTech


Posted 23 October 2012 - 12:19 PM

Hi!

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.>>> I don't see anything that would create an Extras.txt & I can't find anything on the hard drive.

Okay, no worries, don't worry about that for now.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
ClearJavaCache::
Firefox::
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0DtAzyyBtByBtBtD0BtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=847588315&q=
FF - user.js: extensions.funmoods.id - D4BED9CD3972720B
FF - user.js: extensions.funmoods.instlDay - 15549
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7c10720b00000000000008edb938d0c7&q=
FF - user.js: extensions.BabylonToolbar.id - 7c10720b00000000000008edb938d0c7
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15613
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.713:20
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.61.0.4000) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. MalwareBytes' Anti-Malware log file.
4. ESET Online Virus Scan log file.
5. SecurityCheck log file.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
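Added example, not part of the thread and not ComboFix's own code: the CFScript in the post above is built from the `FF - user.js:` lines of the ComboFix log, and this Python parser shows how those lines can be triaged by grouping user.js preferences per extension namespace and reporting the namespaces that set URL-valued prefs. The function names are hypothetical and the sample lines are constructed from the log format in this thread, with query strings shortened.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the "Supplementary Scan" line format of the ComboFix
# log posted in this thread (query strings shortened for readability).
SAMPLE_LOG = r"""
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.soccerbyives.net/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&q=
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.dfltLng - en
"""

# "FF - <file>: <pref name> - <value>"; the value may be empty.
PREF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -(?: (.*))?$")


def parse_prefs(log_text):
    """Yield (source_file, pref_name, value) for every Firefox pref line."""
    for line in log_text.splitlines():
        match = PREF_LINE.match(line.rstrip())
        if match:
            yield match.group(1), match.group(2), match.group(3) or ""


def namespace(pref_name):
    """Return the extension namespace of 'extensions.<ns>.<key>', else None.

    The log also uses '<ns>_i' for some keys of the same toolbar, so that
    suffix is folded into the base namespace.
    """
    parts = pref_name.split(".")
    if len(parts) < 3 or parts[0] != "extensions":
        return None
    ns = parts[1]
    return ns[:-2] if ns.endswith("_i") else ns


def host_of(value):
    """Return the host of a defanged (hxxp) or plain http(s) URL, else None."""
    refanged = re.sub(r"^hxxp", "http", value, flags=re.I)
    if not re.match(r"^https?://", refanged, re.I):
        return None
    return urlsplit(refanged).hostname


def triage(log_text):
    """Report user.js extension namespaces that carry URL-valued prefs.

    user.js is re-applied by Firefox at every start, so prefs written there
    come back after the user changes them in the browser; that makes these
    entries the ones worth reviewing for a homepage or search redirect.
    """
    report = defaultdict(lambda: {"prefs": 0, "url_prefs": [], "hosts": set()})
    for source, name, value in parse_prefs(log_text):
        ns = namespace(name)
        if source != "user.js" or ns is None:
            continue
        entry = report[ns]
        entry["prefs"] += 1
        host = host_of(value)
        if host:
            entry["url_prefs"].append(name)
            entry["hosts"].add(host)
    # Keep only namespaces that actually point the browser at some URL.
    return {ns: entry for ns, entry in report.items() if entry["hosts"]}


if __name__ == "__main__":
    for ns, entry in triage(SAMPLE_LOG).items():
        print(f"{ns}: {entry['prefs']} user.js prefs, hosts={sorted(entry['hosts'])}")
        for pref in entry["url_prefs"]:
            print(f"    {pref}")
```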


#9 BostonRed


Posted 24 October 2012 - 05:22 AM

1. Any comments or questions you may have that you'd like for me to answer in my next post to you. >>> No questions.
2. ComboFix.txt log file. >>> Attached
3. MalwareBytes' Anti-Malware log file. >>> Attached
4. ESET Online Virus Scan log file. >>> Attached
5. SecurityCheck log file. >>> Attached
6. An update on how your computer is currently running. >>> No change to redirect. Babylon tab still shows up in Chrome. For some reason, after running ComboFix and restarting computer, all links to browsers (IE, Firefox, Chrome) were broken. Another restart fixed the problem.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 12-10-23.01 - Joe 10/23/2012 20:18:05.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8105.6367 [GMT -4:00]
Running from: c:\users\Joe\Downloads\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 00:23 . 2012-10-24 00:23 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-24 00:23 . 2012-10-24 00:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 22:45 . 2012-10-20 22:45 -------- d-----w- c:\program files (x86)\FirstRowSportApp.com
2012-10-20 15:14 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\programdata\Rovi
2012-10-18 00:57 . 2012-10-18 00:57 -------- d-----w- c:\program files (x86)\Rovi
2012-10-10 10:14 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 10:14 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 10:14 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 10:14 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 10:14 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 10:14 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 10:14 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 10:14 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 10:14 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 10:14 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-06 02:29 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-30 17:30 . 2012-09-30 17:30 -------- d-----w- C:\_OTL
2012-09-30 17:20 . 2012-10-15 11:52 -------- d-----w- c:\programdata\ActivePath
2012-09-30 17:20 . 2012-09-30 17:20 -------- d-----w- c:\program files (x86)\FLVPlayer
2012-09-26 09:49 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 10:52 . 2012-06-25 10:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:39 . 2012-06-14 23:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 10:39 . 2012-06-14 23:51 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 23:54 . 2012-07-07 19:46 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 12:16 . 2012-07-15 20:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 12:16 . 2012-07-15 20:46 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 11:15 . 2012-09-22 13:42 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 13:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 13:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 13:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 13:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 13:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 13:42 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 13:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 13:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 13:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 13:42 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 13:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 13:42 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 13:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 13:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 13:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 13:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 13:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 13:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 13:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 13:42 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 13:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 10:18 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 10:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 10:18 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 10:18 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 10:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 10:18 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 10:18 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 03:39 1011344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-17 5628800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-05-09 1061520]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"RoxioNowMediaManagerApp"="c:\program files (x86)\Rovi\Rovi Player\RNowShell.exe" [2012-09-07 3866936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-21 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 RNow Service;RNow Service;c:\program files (x86)\Rovi\Rovi Player\RNowSvc.exe [2012-09-07 175928]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\ActiveMail Chrome Watcher.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-10-14 16:43]
.
2012-10-24 c:\windows\Tasks\ActiveMail Updater.job
- c:\programdata\ActivePath\ActiveMail\UpdateClient.exe [2012-10-14 16:43]
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 10:39]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 19:02]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-05-09 03:31 1280144 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1424896]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Easy-WebPrint Add To Print List - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.soccerbyives.net/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-14 13:21; activemail@activepath.com; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\activemail@activepath.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-10-23 20:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-24 00:28
ComboFix2.txt 2012-10-23 00:08
ComboFix3.txt 2012-09-30 15:37
ComboFix4.txt 2012-09-29 14:37
.
Pre-Run: 928,681,283,584 bytes free
Post-Run: 929,198,735,360 bytes free
.
- - End Of File - - A7DED73CDD079F5D77C078FD9E33BC41

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joe :: JOE-PC [administrator]

10/23/2012 8:43:54 PM
mbam-log-2012-10-23 (20-43-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246860
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AW application
C:\Qoobox\Quarantine\C\Users\Joe\AppData\Roaming\sdsdco.dll.vir a variant of Win32/Medfos.DC trojan
C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Joe\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Joe\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Joe\Downloads\VideoPlayerSetup.exe a variant of Win32/InstallCore.AW application

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#10 SweetTech


Posted 24 October 2012 - 04:37 PM

Hi BostonRed!

No change to redirect. Babylon tab still shows up in Chrome. For some reason, after running ComboFix and restarting computer, all links to browsers (IE, Firefox, Chrome) were broken. Another restart fixed the problem.

Okay.

If you go into your extensions for Chrome do you see anything listed for Babylon? If so, please go ahead and remove it.

If you don't utilize the following program below, I'd suggest uninstalling it:
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AW application


These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Joe\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Joe\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Joe\Downloads\VideoPlayerSetup.exe a variant of Win32/InstallCore.AW application


These threat(s) below will be removed very shortly:

C:\Qoobox\Quarantine\C\Users\Joe\AppData\Roaming\sdsdco.dll.vir a variant of Win32/Medfos.DC trojan


____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
    C:\Users\Joe\Downloads\iLividSetupV1(1).exe
    C:\Users\Joe\Downloads\iLividSetupV1.exe
    C:\Users\Joe\Downloads\VideoPlayerSetup.exe
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
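
The sorting of the ESET results in post #10 can be reproduced mechanically. The Python below is an added example, not part of the original thread or of any tool used in it; the function names and the three bucket labels are assumptions made for illustration, and the log lines are copied from the ESET report in post #9. It relies on ComboFix keeping quarantined files under `C:\Qoobox\Quarantine\<drive letter>\<original path>` with `.vir` appended.

```python
import re
from collections import defaultdict

# Detection lines copied from the ESET Online Scanner log posted in this thread.
ESET_LOG = r"""
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AW application
C:\Qoobox\Quarantine\C\Users\Joe\AppData\Roaming\sdsdco.dll.vir a variant of Win32/Medfos.DC trojan
C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Joe\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Joe\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Joe\Downloads\VideoPlayerSetup.exe a variant of Win32/InstallCore.AW application
"""

# Line shape: "<path> [a variant of ]<Platform/Name> <kind>".
# Paths contain spaces and parentheses, so the parse anchors on the detection
# name, which is the only token containing a forward slash.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>[a-z]+)$"
)
QOOBOX_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.IGNORECASE)
PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.IGNORECASE)


def parse_line(line):
    """Return path, detection name, kind and variant flag, or None for non-detection lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m["path"],
        "name": m["name"],
        "kind": m["kind"],
        "variant": m["variant"] is not None,
    }


def original_path(quarantined):
    """Map a Qoobox copy back to where the file lived before ComboFix moved it."""
    rest = QOOBOX_RE.sub("", quarantined, count=1)   # "C\Users\...\file.dll.vir"
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def classify(path):
    """Bucket labels are illustrative, not ESET or ComboFix terminology."""
    if QOOBOX_RE.match(path):
        return "quarantine-copy"      # inert copy held by ComboFix
    if PROGRAM_FILES_RE.match(path):
        return "installed-program"    # remove through its uninstaller
    return "loose-file"               # still on disk at a user-writable path


def triage(log_text):
    """Group every detection line in the log by bucket, keeping log order."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["bucket"] = classify(rec["path"])
        if rec["bucket"] == "quarantine-copy":
            rec["original"] = original_path(rec["path"])
        buckets[rec["bucket"]].append(rec)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, records in triage(ESET_LOG).items():
        print(f"[{bucket}]")
        for rec in records:
            origin = f"  (was {rec['original']})" if "original" in rec else ""
            print(f"  {rec['kind']:<12} {rec['name']:<28} {rec['path']}{origin}")
```

The four paths that land in the `loose-file` bucket are the same four listed under `:Files` in the OTL fix in post #10.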


#11 BostonRed


Posted 24 October 2012 - 08:05 PM

What outstanding issues (if any) are you still experiencing with your computer?

There is no extension for Babylon Search in Chrome. It's still showing up.

I tried about 10 Google searches with no sign of the original redirect problem.

+++++++++++++++++++++++++++++++++++

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul moved successfully.
C:\Users\Joe\Downloads\iLividSetupV1(1).exe moved successfully.
C:\Users\Joe\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\Joe\Downloads\VideoPlayerSetup.exe moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Joe\Documents\My Downloads\cmd.bat deleted successfully.
C:\Users\Joe\Documents\My Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Joe\Documents\My Downloads\cmd.bat deleted successfully.
C:\Users\Joe\Documents\My Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes

User: Joe
->Temp folder emptied: 1393004 bytes
->Temporary Internet Files folder emptied: 5671410 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 150047048 bytes
->Google Chrome cache emptied: 26888983 bytes
->Flash cache emptied: 9241 bytes

User: Joseph Goss
->Temp folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 176.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS

User: Joe
->Flash cache emptied: 0 bytes

User: Joseph Goss

User: Owner

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10242012_203811

Files\Folders moved on Reboot...
File\Folder C:\Users\Joe\AppData\Local\Temp\etilqs_HP3aXRmmGwTBrtr not found!
C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\p7hnmly8.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\p7hnmly8.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\p7hnmly8.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\p7hnmly8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\p7hnmly8.default\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


+++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 10/24/2012 8:46:14 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 73.45% Memory free
15.83 Gb Paging File | 13.54 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 864.65 Gb Free Space | 94.33% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 19:41:55 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 06:39:27 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/30 13:21:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Downloads\OTL.exe
PRC - [2012/09/07 03:57:18 | 000,323,384 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Rovi\Rovi Player\CNRpc.exe
PRC - [2012/09/07 03:57:14 | 000,175,928 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe
PRC - [2012/09/07 03:56:42 | 003,866,936 | ---- | M] (Rovi Corporation) -- C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/08 23:39:52 | 001,061,520 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/02/06 18:26:08 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012/01/27 17:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 22:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/06/29 09:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 20:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/13 19:41:55 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 06:39:27 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/06/21 22:06:55 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
MOD - [2012/06/21 22:06:43 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MOD - [2012/06/21 22:06:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/06/21 22:06:02 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/06/21 22:05:37 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/06/21 22:05:37 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/06/21 22:05:35 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\36adb4b0a5ebbe454b04030ce2e7291a\System.ServiceModel.ni.dll
MOD - [2012/06/21 22:05:35 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/06/21 19:35:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/06/21 19:35:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/21 19:35:38 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/21 19:35:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/21 19:35:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/21 19:35:20 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/21 19:35:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/21 19:35:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/21 19:35:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/21 19:35:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/21 19:35:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/06 18:26:08 | 000,066,872 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/29 09:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 20:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 20:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/25 00:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/25 00:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/03/22 16:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 21:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 21:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 21:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 20:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 20:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 16:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 16:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/09/09 09:19:14 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/05/08 23:31:42 | 006,715,024 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/03/08 18:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/13 19:41:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 06:39:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 03:57:14 | 000,175,928 | ---- | M] (Rovi Corporation) [Auto | Running] -- C:\Program Files (x86)\Rovi\Rovi Player\RNowSvc.exe -- (RNow Service)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/06/14 21:39:53 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/14 21:39:53 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 18:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 19:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/27 11:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 20:02:40 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 05:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {250800EF-4AE2-46F8-912F-A310C8440F88}
IE - HKCU\..\SearchScopes,DefaultScope = {65350360-E59D-AFFA-C418-187B3C1EBCBF}
IE - HKCU\..\SearchScopes\{65350360-E59D-AFFA-C418-187B3C1EBCBF}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.soccerbyives.net/"
FF - prefs.js..extensions.enabledAddons: {3112ca9c-de6d-4884-a869-9855de680400}:1.9.6.1
FF - prefs.js..extensions.enabledAddons: activemail@activepath.com:5.8.18
FF - prefs.js..extensions.enabledAddons: {B7065F52-F443-11E1-8270-B8AC6F996F26}:2.0.14
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joe\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/10/06 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 19:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 19:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/06 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B7065F52-F443-11E1-8270-B8AC6F996F26}: C:\Users\Joe\AppData\Local\{B7065F52-F443-11E1-8270-B8AC6F996F26}\ [2012/09/01 10:46:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 19:41:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 19:41:53 | 000,000,000 | ---D | M]

[2012/06/20 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
[2012/10/23 05:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions
[2012/06/23 18:00:18 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2012/10/14 13:21:24 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\extensions\activemail@activepath.com
[2012/10/13 19:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/01 10:46:10 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JOE\APPDATA\LOCAL\{B7065F52-F443-11E1-8270-B8AC6F996F26}
[2012/10/13 19:41:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:35:54 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/30 14:13:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 19:41:55 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joe\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joe\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: FreeHDSport.TV = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.1_0\
CHR - Extension: YouTube = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Eat24 = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokhaoagebikbmpendajefohibkjilil\2.3_0\
CHR - Extension: Gmail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/24 20:38:14 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120630082835.dll (McAfee, Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120630082835.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxioNowMediaManagerApp] C:\Program Files (x86)\Rovi\Rovi Player\RNowShell.exe (Rovi Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{352EC8A6-E339-4729-A8CE-0755E457841A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6DC8A3F-4BF5-436A-AD9F-5C570C3E1149}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 20:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/24 20:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/10/24 20:18:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/23 20:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/23 20:41:21 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/23 20:28:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/20 18:45:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
[2012/10/20 18:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirstRowSportApp.com
[2012/10/17 20:57:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rovi
[2012/10/17 20:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Rovi
[2012/10/17 20:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovi
[2012/10/17 20:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovi
[2012/10/13 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/05 22:29:19 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/09/30 13:30:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/30 13:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/09/30 13:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2012/09/30 11:42:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Malware Issues
[2012/09/29 10:26:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/29 10:26:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/29 10:26:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/29 10:24:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/29 10:23:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

========== Files - Modified Within 30 Days ==========

[2012/10/24 20:48:11 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 20:48:11 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 20:41:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ActiveMail Updater.job
[2012/10/24 20:40:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/24 20:40:42 | 2078,769,151 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 20:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/24 20:38:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/24 20:17:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001UA.job
[2012/10/23 20:14:53 | 000,001,138 | ---- | M] () -- C:\Users\Joe\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 19:41:22 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/22 07:16:10 | 000,000,512 | ---- | M] () -- C:\Users\Joe\Desktop\MBR.dat
[2012/10/21 16:17:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3344054911-1990580800-3100181164-1001Core.job
[2012/10/21 16:07:57 | 000,000,000 | ---- | M] () -- C:\Users\Joe\defogger_reenable
[2012/10/20 18:45:06 | 000,001,141 | ---- | M] () -- C:\Users\Joe\Desktop\FirstRowSportApp.lnk
[2012/10/17 20:57:13 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Rovi Player.lnk
[2012/10/17 20:57:13 | 000,001,779 | ---- | M] () -- C:\Users\Joe\Documents\RES.lnk
[2012/10/17 20:55:52 | 000,000,024 | ---- | M] () -- C:\ProgramData\RNowSvc.ini
[2012/10/15 07:52:53 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2012/10/10 22:18:21 | 000,002,479 | ---- | M] () -- C:\Users\Joe\Desktop\Google Chrome.lnk
[2012/09/30 13:31:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2012/09/30 13:20:21 | 000,001,027 | ---- | M] () -- C:\Users\Joe\Desktop\Video Player.lnk
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/23 20:14:53 | 000,001,138 | ---- | C] () -- C:\Users\Joe\Desktop\ComboFix - Shortcut.lnk
[2012/10/22 07:16:10 | 000,000,512 | ---- | C] () -- C:\Users\Joe\Desktop\MBR.dat
[2012/10/21 16:07:57 | 000,000,000 | ---- | C] () -- C:\Users\Joe\defogger_reenable
[2012/10/20 18:45:06 | 000,001,141 | ---- | C] () -- C:\Users\Joe\Desktop\FirstRowSportApp.lnk
[2012/10/17 20:57:13 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Rovi Player.lnk
[2012/10/17 20:57:13 | 000,001,779 | ---- | C] () -- C:\Users\Joe\Documents\RES.lnk
[2012/10/17 20:55:52 | 000,000,024 | ---- | C] () -- C:\ProgramData\RNowSvc.ini
[2012/10/15 07:52:54 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\ActiveMail Updater.job
[2012/10/15 07:52:40 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\ActiveMail Chrome Watcher.job
[2012/09/30 13:20:21 | 000,001,027 | ---- | C] () -- C:\Users\Joe\Desktop\Video Player.lnk
[2012/09/29 10:26:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/29 10:26:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/29 10:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/29 10:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/29 10:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 01:10:15 | 000,000,253 | -H-- | C] () -- C:\ProgramData\hpothb07.tif
[2012/06/22 01:10:15 | 000,000,164 | -H-- | C] () -- C:\ProgramData\hpothb07.dat
[2012/06/22 01:10:00 | 000,000,984 | ---- | C] () -- C:\ProgramData\QTSBandwidthCache
[2012/06/14 21:16:47 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/14 21:16:46 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/14 21:16:44 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/23 09:30:45 | 000,353,900 | ---- | C] () -- C:\Users\Joe\Recyclebank's Green Your Vacation Travel Checklist.pdf
[2011/02/10 12:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/22 20:30:56 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Canon
[2012/07/13 19:35:54 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Catalina Marketing Corp
[2012/06/20 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Fingertapps
[2012/06/22 06:02:05 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\LibreOffice
[2012/06/24 17:03:23 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PCDr
[2012/10/22 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/13 19:41:55 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/10/13 19:41:55 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/14 21:15:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/14 21:15:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/14 21:15:49 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#12 SweetTech


Posted 25 October 2012 - 04:47 PM

Hi!

Can you please confirm whether or not you're still experiencing the issues with Babylon?

Please run the following scan:

Running AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



#13 BostonRed


Posted 25 October 2012 - 07:59 PM

Yes, the Babylon still shows up as a tab in Chrome. Otherwise, no sign of redirects from Google in Firefox.

+++++++++++++++++++++++++++++++++++++++++++

# AdwCleaner v2.005 - Logfile created 10/25/2012 at 20:55:51
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joe - JOE-PC
# Boot Mode : Normal
# Running from : C:\Users\Joe\Documents\My Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Users\Joe\AppData\Local\Ilivid Player
Folder Found : C:\Users\Joe\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Joe\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\prefs.js

Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.hdrMd5", "90A73C9E45F6841171E01A1BCB15B808");
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:39:38");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:39:38");

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.12] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/", "hxxp://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7" ]
Found [l.1898] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/", "hxxp://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7" ]

*************************

AdwCleaner[R1].txt - [7275 octets] - [25/10/2012 20:55:51]

########## EOF - C:\AdwCleaner[R1].txt - [7335 octets] ##########

#14 SweetTech


Posted 28 October 2012 - 04:51 PM

Hi!

My apologies for the delay. I've been a bit swamped lately, and am just getting a free moment to log onto my computer.

Please do the following fix:

Running AdwCleaner -- Delete Option

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



#15 BostonRed


Posted 29 October 2012 - 06:38 AM

# AdwCleaner v2.005 - Logfile created 10/29/2012 at 07:37:39
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joe - JOE-PC
# Boot Mode : Normal
# Running from : C:\Users\Joe\Documents\My Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Users\Joe\AppData\Local\Ilivid Player
Folder Found : C:\Users\Joe\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Joe\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\p7hnmly8.default\prefs.js

Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.hdrMd5", "90A73C9E45F6841171E01A1BCB15B808");
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:39:38");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:39:38");

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.12] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/", "hxxp://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7" ]
Found [l.1898] : urls_to_restore_on_startup = [ "hxxp://mail.google.com/", "hxxp://search.babylon.com/?affID=110790&tt=300912_IKAN_3912_1&babsrc=HP_ss&mntrId=7c10720b00000000000008edb938d0c7" ]

*************************

AdwCleaner[R1].txt - [7370 octets] - [25/10/2012 20:55:51]
AdwCleaner[R2].txt - [7335 octets] - [29/10/2012 07:37:39]

########## EOF - C:\AdwCleaner[R2].txt - [7395 octets] ##########



