WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Newbie Here...I need help, I think I am drowning. [Solved]

Started by wjh1170 , Jan 20 2014 01:34 PM

This topic is locked

32 replies to this topic

#1 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 20 January 2014 - 01:34 PM

It is nice to meet everyone here. Let me be clear, I am not a computer expert, I haven't updated from Windows XP because it is comfortable to me. I survived a brain injury 12 years ago and used the computer to help rehabilitate myself. What I do well......listen, read, and follow instructions.

To my problem;

I recently had Internet service restored to my home after a 2 year break due to an illness recovery. I am with Exede Internet (Out in the Country...not many options) and have a 10GB data allowance. According to them I blew through that in the first five days of usage. I did all my updating and program downloads at night during their free time at night yet I continue to blow through the internet usage. I currently use Zone Alarm as a firewall, AVG as antivirus, run Malwarebytes daily and use Spybot daily in an attempt to sort this out. Malwarebytes is the only program that ever finds anything and it heals or deletes them every time.

Tech Support at Exede says all my bandwidth usage is due to browsing, not downloads, not you tube or other vide sites.......Web Browsing. Even they have no explanation as to how I could possibly go through 10 GB of data every 5 days just browsing (and I am only on the Computer perhaps one to two hours per day). I use a secured router so I do not believe I am getting leeched.

I read how to post and hope I followed the format that you all prefer, I just need suggestions or help.

Here is my Hijack this Log;

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:50:18 PM, on 1/20/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\PROGRA~1\AVG\AVG2014\avgrsx.exe
D:\Program Files\AVG\AVG2014\avgcsrvx.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\system32\svchost.exe
D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
D:\WINDOWS.0\Explorer.EXE
D:\WINDOWS.0\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\AVG\AVG2014\avgidsagent.exe
D:\Program Files\AVG\AVG2014\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
D:\WINDOWS.0\system32\svchost.exe
D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
D:\Program Files\AVG\AVG2014\avgnsx.exe
D:\Program Files\AVG\AVG2014\avgemcx.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\AVG\AVG2014\avgui.exe
D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
D:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
D:\Program Files\AVG\AVG2014\avgcsrvx.exe
D:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zoneal...=&tstsId=&ver=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_UI] "D:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [ZoneAlarm] "D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} (McciContext Class) - http://phughescw.hug.../Mcci_6-1-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - D:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - D:\WINDOWS.0\SYSTEM32\LxrJD31s.exe
O23 - Service: McciCMService - Motive Communications, Inc. - D:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 9794 bytes

wjh1170 (Bill)

Advertisements

Register to Remove

#2 Jo*

SuperMember

Malware Team
1,208 posts

Posted 21 January 2014 - 03:18 AM

:welcome:

Hello wjh1170,

my name is Jo and I will help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please follow these guidelines:

Logs can take a while to research, so please be patient.
Read and follow the instructions in the sequence they are posted.
print or copy & save instructions.
Do not install / uninstall any applications, unless otherwise instructed.
Use only that tools you have been instructed to use.
Copy and Paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

I will return as soon as possible with more instructions.

wjh1170 likes this

Graduate of the WTT Classroom
Cheers,
Jo

#3 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 21 January 2014 - 03:22 AM

Thank You Jo....no worries I am very patient, I have four kids :-)

wjh1170 (Bill)

#4 Jo*

SuperMember

Malware Team
1,208 posts

Posted 21 January 2014 - 04:32 AM

Hello wjh1170,

1. Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

***

3. Download OTL to your desktop.

Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***

Graduate of the WTT Classroom
Cheers,
Jo

#5 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 21 January 2014 - 04:59 AM

Here is the first report you requested;

Results of screen317's Security Check version 0.99.79
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2014
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
CCleaner
SlimCleaner
Java™ 6 Update 16
Java™ 6 Update 18
Java™ 6 Update 20
Java 7 Update 51
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player    12.0.0.43
Adobe Reader XI
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
CheckPoint ZoneAlarm ZAPrivacyService.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive D:: 3%
````````````````````End of Log``````````````````````

On Malwarebytes Anti-Rootkit I get the following message after install and update:

"DDA Driver was not installed which may be caused by rootkit activity. Do you want to reboot the computer to install? "

When I click yes I get:

"Could not install driver on boot. Scan Can't continue."

I will post OTL Scans as soon as they complete.Thank you so very much for your help!!!!!

wjh1170 (Bill)

#6 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 21 January 2014 - 05:39 AM

The OTL Scans you requested;

OTL logfile created on: 1/21/2014 6:22:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\HESS\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.99% Memory free
5.85 Gb Paging File | 5.23 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092D:\pagef [Binary data over 200 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS.0 | %ProgramFiles% = D:\Program Files
Drive C: | 74.50 Gb Total Space | 6.79 Gb Free Space | 9.11% Space Free | Partition Type: NTFS
Drive D: | 55.89 Gb Total Space | 20.31 Gb Free Space | 36.33% Space Free | Partition Type: NTFS

Computer Name: HESS-A23995F71B | User Name: HESS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HESS\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Documents and Settings\HESS\Local Settings\Application Data\Installer\Install_11931\ytdi_adk_setup_20131212.exe ()
PRC - D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - D:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
PRC - D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)
PRC - D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
PRC - D:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe (ShaPlus Software)
PRC - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
PRC - D:\WINDOWS.0\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)

========== Modules (No Company Name) ==========

MOD - D:\Documents and Settings\HESS\Local Settings\Application Data\Installer\Install_11931\ytdi_adk_setup_20131212.exe ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll ()
MOD - D:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - D:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll ()
MOD - D:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\WINDOWS.0\system32\Incinerator.dll ()
MOD - D:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll ()

========== Services (SafeList) ==========

SRV - (TTFixerService) -- D:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe File not found
SRV - (CltMngSvc) -- D:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Motorola Device Manager) -- D:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)
SRV - (AVGIDSAgent) -- D:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- D:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (ZAPrivacyService) -- D:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Check Point Software Technologies, Ltd.)
SRV - (avgwd) -- D:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- D:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (getPlusHelper) -- D:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LxrJD31s) -- D:\WINDOWS.0\System32\LxrJD31s.exe ()
SRV - (FileZilla Server) -- D:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
SRV - (UpdateCenterService) -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (nTuneService) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (spupdsvc) -- D:\WINDOWS.0\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (NeroRegInCDSrv) -- D:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (InCDsrv) -- D:\Program Files\Nero\Nero8\InCD\InCDsrv.exe (Nero AG)
SRV - (Maxtor Sync Service) -- D:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (SandraAgentSrv) -- D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe (SiSoftware)
SRV - (Diskeeper) -- D:\Program Files\Executive Software\Diskeeper\DkService.exe (Executive Software International, Inc.)
SRV - (rpcapd) -- D:\Program Files\WinPcap\rpcapd.exe (NetGroup - Politecnico di Torino)
SRV - (Pctspk) -- D:\WINDOWS.0\system32\pctspk.exe (PCtel, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WudfRd) -- D:\WINDOWS.0\system32\wudfrd.sys File not found
DRV - (WudfPf) -- D:\WINDOWS.0\system32\WudfPf.sys File not found
DRV - (WDICA) -- File not found
DRV - (SWUMX20) -- system32\DRIVERS\swumx20.sys File not found
DRV - (PLTurbo) -- system32\drivers\plturbo.sys File not found
DRV - (PLTurbh) -- system32\drivers\plturbh.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- D:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- D:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MpKslc4fa901a) -- d:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{770A43F5-431F-44BC-8FF1-80B9C62ADAB6}\MpKslc4fa901a.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Inspect) -- System32\DRIVERS\inspect.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (cmdHlp) -- System32\DRIVERS\cmdhlp.sys File not found
DRV - (cmdGuard) -- System32\DRIVERS\cmdguard.sys File not found
DRV - (cmderd) -- System32\DRIVERS\cmderd.sys File not found
DRV - (Changer) -- File not found
DRV - (qwepauk) -- D:\WINDOWS.0\system32\drivers\wvyg.sys ()
DRV - (mbamchameleon) -- D:\WINDOWS.0\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (SWDUMon) -- D:\WINDOWS.0\system32\drivers\SWDUMon.sys ()
DRV - (Avgdiskx) -- D:\WINDOWS.0\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- D:\WINDOWS.0\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- D:\WINDOWS.0\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- D:\WINDOWS.0\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Vsdatant) -- D:\WINDOWS.0\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (AVGIDSHX) -- D:\WINDOWS.0\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (HMD) -- D:\WINDOWS.0\system32\drivers\hmd.sys ()
DRV - (Avgmfx86) -- D:\WINDOWS.0\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- D:\WINDOWS.0\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- D:\WINDOWS.0\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- D:\WINDOWS.0\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CFRMD) -- D:\WINDOWS.0\system32\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (BTCFilterService) -- D:\WINDOWS.0\system32\drivers\motfilt.sys (Motorola Inc)
DRV - (motusbdevice) -- D:\WINDOWS.0\system32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (Motousbnet) -- D:\WINDOWS.0\system32\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV - (motccgp) -- D:\WINDOWS.0\system32\drivers\motccgp.sys (Motorola Mobility Inc)
DRV - (MotoSwitchService) -- D:\WINDOWS.0\system32\drivers\motswch.sys (Motorola)
DRV - (SASKUTIL) -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LxrJD31d) -- D:\WINDOWS.0\system32\drivers\LxrJD31d.sys ()
DRV - (cpuz133) -- D:\WINDOWS.0\system32\drivers\cpuz133_x32.sys (Windows ® Win 7 DDK provider)
DRV - (SASENUM) -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cpudrv) -- D:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (nvoclock) -- D:\WINDOWS.0\system32\drivers\nvoclock.sys (NVIDIA Corp.)
DRV - (swmsflt) -- D:\WINDOWS.0\system32\drivers\swmsflt.sys ()
DRV - (InCDfs) -- D:\WINDOWS.0\system32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- D:\WINDOWS.0\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- D:\WINDOWS.0\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDRec) -- D:\WINDOWS.0\system32\drivers\InCDrec.sys (Nero AG)
DRV - (gameenum) -- D:\WINDOWS.0\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nm) -- D:\WINDOWS.0\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (AN983) -- D:\WINDOWS.0\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (SANDRA) -- D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\sandra.sys (SiSoftware)
DRV - (LMouKE) -- D:\WINDOWS.0\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- D:\WINDOWS.0\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- D:\WINDOWS.0\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- D:\WINDOWS.0\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- D:\WINDOWS.0\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (MREMP50) -- D:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- D:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MXOPSWD) -- D:\WINDOWS.0\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (camvid40) -- D:\WINDOWS.0\system32\drivers\camdrv41.sys (Philips Consumer Electronics)
DRV - (NPF) -- D:\WINDOWS.0\system32\drivers\npf.sys (NetGroup - Politecnico di Torino)
DRV - (smrt) -- D:\WINDOWS.0\system32\drivers\smrt.sys (Sony Corporation)
DRV - (itchfltr) -- D:\WINDOWS.0\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (als4k) -- D:\WINDOWS.0\system32\drivers\als4000.sys (Avance Logic, Inc.)
DRV - (Vpctcom) -- D:\WINDOWS.0\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- D:\WINDOWS.0\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- D:\WINDOWS.0\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- D:\WINDOWS.0\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (DMICall) -- D:\WINDOWS.0\system32\drivers\DMICall.sys (Sony Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {D7E36EA9-168A-45D3-9BA2-1B70F49BD2C6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zoneal...=&tstsId=&ver=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 A7 8B 79 3A 0C CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS.0\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {D7E36EA9-168A-45D3-9BA2-1B70F49BD2C6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A65FE-2087-4F0E-9609-5B154A682F67}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{C365D2C2-CDBB-4D39-84BD-ED1418F9D43C}: "URL" = http://search.zoneal...Id=&ver=&&r=203
IE - HKCU\..\SearchScopes\{D7E36EA9-168A-45D3-9BA2-1B70F49BD2C6}: "URL" = http://search.condui...6121124954&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: 2eb528f3-950d-48a3-be4b-5d7de6c8331e%40a41e199b-6ca4-4d23-ab87-73f2d1973314.com:0.93.212
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23
FF - prefs.js..keyword.URL: "http://www-search.ne...bc36d3a6f9,&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS.0\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: D:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: D:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: D:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 15:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2013/12/18 13:37:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2014/01/18 02:37:02 | 000,000,000 | ---D | M]

[2009/06/15 15:30:19 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Extensions
[2009/06/15 15:30:19 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2014/01/19 04:05:53 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions
[2013/12/19 16:51:17 | 000,000,000 | ---D | M] (WOT) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/12/22 04:15:10 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/19 04:05:56 | 000,000,000 | ---D | M] ("iWebar") -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
[2013/12/22 06:29:16 | 000,000,000 | ---D | M] ("PrivDog") -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\PrivDog@AdTrustMedia.com
[2014/01/19 04:05:54 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData
[2014/01/19 04:05:54 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins
[2014/01/19 04:05:55 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\userCode
[2013/12/18 12:24:12 | 000,348,260 | ---- | M] () (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\personas@christopher.beard.xpi
[2014/01/18 01:15:26 | 000,940,775 | ---- | M] () (No name found) -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/16 01:30:38 | 000,002,289 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\alexa.xml
[2014/01/04 02:59:05 | 000,001,100 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\connect-dlc-5-customized-web-search.xml
[2009/06/15 16:41:45 | 000,001,632 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\live-search.xml
[2013/12/23 04:37:08 | 000,001,500 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\zonealarm.xml
[2011/11/09 16:12:29 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2013/12/18 12:23:00 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/18 12:22:59 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/18 12:22:59 | 000,000,000 | ---D | M] (Default) -- D:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/01 15:51:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\WINDOWS.0\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2004/09/08 23:03:50 | 000,049,152 | ---- | M] (Macromedia, Inc.) -- D:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2013/12/21 01:04:22 | 000,225,656 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/16 22:00:00 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2013/12/19 06:39:13 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2013/12/19 06:39:15 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2013/12/19 06:39:16 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2013/12/19 06:39:18 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2013/12/19 06:39:20 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/08/16 22:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 13:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- D:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2010/03/29 07:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- D:\Program Files\mozilla firefox\plugins\np_gp.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - Extension: Free Mp3 Music Search & Downloads = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aghgalahdhgjcpjhdeknpodognmmkgeh\2.0_0\
CHR - Extension: Mp3Skull Toolbar = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anaehjnjgheaikfecjlfokolkoalpnda\1.5.4_0\
CHR - Extension: Google Docs = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MusicOK - Odnoklassniki music = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghkaiibchaggdgpdkmbbgdehaecjhcoc\3.3.4_0\
CHR - Extension: Google Play Music = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\
CHR - Extension: Northern Lights = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbnkklencjcmkepldaineciclcheaoef\1.2_0\
CHR - Extension: Google Wallet = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/02/03 16:20:58 | 000,441,096 | R--- | M]) - D:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 15164 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS.0\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS.0\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS.0\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] D:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] "D:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s File not found
O4 - HKLM..\Run: [ZoneAlarm] D:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FreeRAM XP] D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKLM..\RunOnce: [ (A0)] D:\WINDOWS.0\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS.0\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS.0\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS.0\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - D:\WINDOWS.0\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} http://phughescw.hug.../Mcci_6-1-0.cab (McciContext Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F35E9F8-C8F5-44E1-98A7-A03CF2BC6842}: DhcpNameServer = 67.142.164.10 67.142.164.11 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88C1685A-4604-41DA-89EC-6F6F00B585F0}: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS.0\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS.0\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS.0\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS.0\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS.0\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS.0\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS.0\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS.0\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS.0\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS.0\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS.0\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS.0\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS.0\system32\userinit.exe) - D:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS.0\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS.0\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS.0\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - D:\WINDOWS.0\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - D:\WINDOWS.0\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - D:\WINDOWS.0\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - D:\WINDOWS.0\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - D:\WINDOWS.0\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - D:\WINDOWS.0\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - D:\WINDOWS.0\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - D:\WINDOWS.0\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - D:\WINDOWS.0\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - D:\WINDOWS.0\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - D:\WINDOWS.0\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS.0\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS.0\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS.0\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS.0\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS.0\system32\wpdshserviceobj.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\HESS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\HESS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS.0\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS.0\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS.0\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS.0\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS.0\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS.0\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS.0\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS.0\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS.0\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/29 07:52:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{135aa8c6-8ef6-11e2-a76e-000c6e617452}\Shell - "" = AutoRun
O33 - MountPoints2\{135aa8c6-8ef6-11e2-a76e-000c6e617452}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{135aa8c6-8ef6-11e2-a76e-000c6e617452}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{135aa8c7-8ef6-11e2-a76e-000c6e617452}\Shell - "" = AutoRun
O33 - MountPoints2\{135aa8c7-8ef6-11e2-a76e-000c6e617452}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{135aa8c7-8ef6-11e2-a76e-000c6e617452}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant_installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/21 05:49:57 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\MBAMSwissArmy.sys
[2014/01/21 05:48:45 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamchameleon.sys
[2014/01/21 05:48:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\mbar
[2014/01/21 04:10:00 | 000,000,000 | ---D | C] -- D:\SUPERDelete
[2014/01/21 03:31:50 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\HESS\Recent
[2014/01/20 13:38:28 | 000,000,000 | ---D | C] -- D:\Program Files\ShaPlus Bandwidth Meter
[2014/01/20 13:38:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\ShaPlus Bandwidth Meter
[2014/01/20 12:42:45 | 000,000,000 | ---D | C] -- D:\Program Files\WinPcap
[2014/01/20 03:07:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\tor
[2014/01/19 04:04:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\SearchModule
[2014/01/19 04:02:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Goobzo
[2014/01/19 04:02:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Installer
[2014/01/19 04:02:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\CrashRpt
[2014/01/18 02:43:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Motorola Device Manager
[2014/01/18 02:42:43 | 001,461,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS.0\System32\wdfcoinstaller01009.dll
[2014/01/18 02:42:43 | 000,011,264 | ---- | C] (Motorola Inc) -- D:\WINDOWS.0\System32\drivers\motusbdevice.sys
[2014/01/18 02:42:42 | 000,023,936 | ---- | C] (Motorola Mobility Inc) -- D:\WINDOWS.0\System32\drivers\Motousbnet.sys
[2014/01/18 02:42:42 | 000,006,272 | ---- | C] (Motorola Inc) -- D:\WINDOWS.0\System32\drivers\motfilt.sys
[2014/01/18 02:42:37 | 000,021,376 | ---- | C] (Motorola Mobility Inc) -- D:\WINDOWS.0\System32\drivers\motccgp.sys
[2014/01/18 02:42:37 | 000,006,656 | ---- | C] (Motorola) -- D:\WINDOWS.0\System32\drivers\motswch.sys
[2014/01/18 02:42:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\V & Other Pics
[2014/01/17 14:45:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Application Data\uTorrent
[2014/01/16 23:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\libimobiledevice
[2014/01/16 03:35:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SlimCleaner
[2014/01/16 03:35:16 | 000,000,000 | ---D | C] -- D:\Program Files\SlimCleaner
[2014/01/16 01:20:50 | 000,264,616 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\javaws.exe
[2014/01/16 01:20:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\javaw.exe
[2014/01/16 01:20:34 | 000,174,504 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\java.exe
[2014/01/16 01:20:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- D:\WINDOWS.0\System32\WindowsAccessBridge.dll
[2014/01/08 06:27:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Sun
[2014/01/07 05:19:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Java
[2014/01/07 05:17:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\McAfee
[2014/01/07 05:03:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\Microsoft Bootvis
[2014/01/07 05:03:13 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Bootvis
[2014/01/07 04:55:28 | 000,000,000 | ---D | C] -- D:\Fonts Backup
[2014/01/06 04:59:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\Music Manager
[2014/01/06 04:59:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\Programs
[2014/01/04 03:01:13 | 000,000,000 | ---D | C] -- D:\Program Files\YourWare Solutions
[2014/01/04 03:01:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Start Menu\Programs\FreeRAM XP Pro
[2014/01/04 03:00:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\.android
[2014/01/04 03:00:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\cache
[2014/01/04 03:00:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Local Settings\Application Data\genienext
[2014/01/04 02:58:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Conduit
[2013/12/29 05:51:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Desktop\Ebay Pics
[2013/12/29 03:50:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Application Data\WinPatrol
[2013/12/29 03:36:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\WinPatrol
[2013/12/29 03:36:48 | 000,000,000 | ---D | C] -- D:\Program Files\BillP Studios
[2013/12/29 03:36:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\InstallMate
[2013/12/25 04:11:12 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- D:\WINDOWS.0\System32\CSVer.dll
[2013/12/25 04:09:37 | 000,000,000 | ---D | C] -- D:\Intel
[2013/12/25 04:08:11 | 000,000,000 | ---D | C] -- D:\adaptec
[2013/12/25 04:00:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\HESS\Application Data\Sierra Wireless
[2013/12/25 03:14:32 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Office Live Add-in
[2002/12/23 06:45:40 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- D:\Program Files\Common Files\tppupd2k.dll
[3 D:\Documents and Settings\HESS\*.tmp files -> D:\Documents and Settings\HESS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/21 06:26:00 | 000,000,834 | ---- | M] () -- D:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2014/01/21 06:12:00 | 000,000,974 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
[2014/01/21 06:05:00 | 000,000,436 | ---- | M] () -- D:\WINDOWS.0\tasks\SMupdate2.job
[2014/01/21 06:02:04 | 000,054,016 | ---- | M] () -- D:\WINDOWS.0\System32\drivers\wvyg.sys
[2014/01/21 06:01:00 | 000,000,232 | ---- | M] () -- D:\WINDOWS.0\tasks\Scheduled Update for Ask Toolbar.job
[2014/01/21 05:51:35 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\MBAMSwissArmy.sys
[2014/01/21 05:50:35 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS.0\System32\drivers\mbamchameleon.sys
[2014/01/21 05:46:00 | 000,000,882 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/21 05:12:01 | 000,000,922 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
[2014/01/21 04:35:01 | 000,000,436 | ---- | M] () -- D:\WINDOWS.0\tasks\SMupdate1.job
[2014/01/21 04:08:15 | 000,002,235 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimCleaner.lnk
[2014/01/21 04:07:47 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\HESS\defogger_reenable
[2014/01/21 04:04:00 | 000,000,346 | ---- | M] () -- D:\WINDOWS.0\tasks\YTDownloaderUpd.job
[2014/01/21 03:03:00 | 000,000,620 | ---- | M] () -- D:\WINDOWS.0\tasks\Installer_cr.job
[2014/01/21 02:50:37 | 000,002,206 | ---- | M] () -- D:\WINDOWS.0\System32\wpa.dbl
[2014/01/21 02:49:36 | 000,000,240 | ---- | M] () -- D:\WINDOWS.0\tasks\OGALogon.job
[2014/01/21 02:49:35 | 000,000,436 | ---- | M] () -- D:\WINDOWS.0\tasks\SMupdate3.job
[2014/01/21 02:49:33 | 000,000,882 | ---- | M] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore1cefc1ca1468c7b.job
[2014/01/21 02:49:33 | 000,000,482 | ---- | M] () -- D:\WINDOWS.0\tasks\AVG_SYS_TASK_DELETE.job
[2014/01/21 02:49:33 | 000,000,454 | ---- | M] () -- D:\WINDOWS.0\tasks\AVG_SYS_TASK.job
[2014/01/21 02:49:16 | 000,002,048 | --S- | M] () -- D:\WINDOWS.0\bootstat.dat
[2014/01/20 13:49:34 | 000,002,439 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\HiJackThis.lnk
[2014/01/20 13:24:00 | 000,000,284 | ---- | M] () -- D:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2014/01/20 04:46:31 | 000,002,201 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Live From The Press Box.Com.lnk
[2014/01/20 04:46:31 | 000,001,831 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/20 04:46:31 | 000,000,815 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 04:46:31 | 000,000,742 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/20 03:02:16 | 000,000,803 | ---- | M] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/19 02:52:34 | 000,001,324 | ---- | M] () -- D:\WINDOWS.0\System32\d3d9caps.dat
[2014/01/19 02:44:07 | 000,000,460 | ---- | M] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Engine.job
[2014/01/18 03:01:49 | 000,000,476 | ---- | M] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Update.job
[2014/01/18 02:59:21 | 000,000,051 | ---- | M] () -- D:\WINDOWS.0\iTouch.ini
[2014/01/18 02:45:00 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motfilt_01009.Wdf
[2014/01/18 02:44:59 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_Motousbnet_01009.Wdf
[2014/01/18 02:43:18 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motccgp_01009.Wdf
[2014/01/18 02:43:12 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motusbdevice_01009.Wdf
[2014/01/18 02:43:10 | 000,000,000 | -H-- | M] () -- D:\WINDOWS.0\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/01/18 02:37:03 | 000,001,738 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader XI.lnk
[2014/01/18 02:32:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS.0\System32\FlashPlayerApp.exe
[2014/01/18 02:32:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS.0\System32\FlashPlayerCPLApp.cpl
[2014/01/07 05:59:10 | 000,044,128 | ---- | M] () -- D:\WINDOWS.0\System32\FNTCACHE.DAT
[2013/12/30 05:26:17 | 000,000,215 | ---- | M] () -- D:\WINDOWS.0\wininit.ini
[2013/12/29 05:01:59 | 000,001,798 | ---- | M] () -- D:\Documents and Settings\HESS\Desktop\WinPatrol.lnk
[2013/12/25 03:41:03 | 000,013,464 | ---- | M] () -- D:\WINDOWS.0\System32\drivers\SWDUMon.sys
[2013/12/25 03:40:51 | 000,002,235 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimDrivers.lnk
[2013/12/25 03:24:52 | 000,000,682 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk
[2013/12/23 05:01:07 | 000,417,513 | ---- | M] () -- D:\WINDOWS.0\System32\vsconfig.xml
[2013/12/23 04:40:38 | 000,000,539 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\ZoneAlarm Security.lnk
[3 D:\Documents and Settings\HESS\*.tmp files -> D:\Documents and Settings\HESS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/21 06:02:04 | 000,054,016 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\wvyg.sys
[2014/01/21 04:07:47 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\HESS\defogger_reenable
[2014/01/20 03:01:24 | 000,000,803 | ---- | C] () -- D:\Documents and Settings\HESS\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/01/19 04:05:19 | 000,000,436 | ---- | C] () -- D:\WINDOWS.0\tasks\SMupdate3.job
[2014/01/19 04:05:18 | 000,000,436 | ---- | C] () -- D:\WINDOWS.0\tasks\SMupdate2.job
[2014/01/19 04:05:15 | 000,000,436 | ---- | C] () -- D:\WINDOWS.0\tasks\SMupdate1.job
[2014/01/19 04:04:55 | 000,000,346 | ---- | C] () -- D:\WINDOWS.0\tasks\YTDownloaderUpd.job
[2014/01/19 04:03:04 | 000,000,620 | ---- | C] () -- D:\WINDOWS.0\tasks\Installer_cr.job
[2014/01/18 03:01:49 | 000,000,476 | ---- | C] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Update.job
[2014/01/18 02:45:00 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motfilt_01009.Wdf
[2014/01/18 02:44:59 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_Motousbnet_01009.Wdf
[2014/01/18 02:44:27 | 000,000,460 | ---- | C] () -- D:\WINDOWS.0\tasks\Motorola Device Manager Engine.job
[2014/01/18 02:43:18 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motccgp_01009.Wdf
[2014/01/18 02:43:12 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\Msft_Kernel_motusbdevice_01009.Wdf
[2014/01/18 02:43:10 | 000,000,000 | -H-- | C] () -- D:\WINDOWS.0\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2014/01/18 02:37:03 | 000,001,738 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\Adobe Reader XI.lnk
[2014/01/18 02:37:02 | 000,001,808 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader XI.lnk
[2014/01/16 03:35:19 | 000,002,235 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\SlimCleaner.lnk
[2014/01/06 04:58:40 | 000,000,974 | ---- | C] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
[2014/01/06 04:58:39 | 000,000,922 | ---- | C] () -- D:\WINDOWS.0\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
[2013/12/29 05:01:59 | 000,001,798 | ---- | C] () -- D:\Documents and Settings\HESS\Desktop\WinPatrol.lnk
[2013/12/23 04:40:38 | 000,000,539 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Desktop\ZoneAlarm Security.lnk
[2013/12/22 08:43:24 | 000,000,215 | ---- | C] () -- D:\WINDOWS.0\wininit.ini
[2013/12/22 04:37:34 | 000,013,464 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\SWDUMon.sys
[2013/12/19 05:23:29 | 000,003,072 | ---- | C] () -- D:\WINDOWS.0\System32\iacenc.dll
[2013/10/07 00:17:38 | 000,014,272 | ---- | C] () -- D:\WINDOWS.0\System32\drivers\hmd.sys
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- D:\WINDOWS.0\System32\nvdata.data
[2012/01/30 12:54:55 | 000,098,304 | ---- | C] () -- D:\WINDOWS.0\System32\redmonnt.dll
[2010/08/31 05:28:53 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\housecall.guid.cache
[2010/07/04 03:20:27 | 000,000,091 | ---- | C] () -- D:\Documents and Settings\HESS\Application Data\default.pls
[2010/05/09 03:49:57 | 000,000,600 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\PUTTY.RND
[2010/04/28 03:50:49 | 001,401,344 | ---- | C] () -- D:\Program Files\HijackThis.msi
[2009/12/14 18:48:49 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\HESS\.rnd
[2009/09/21 17:04:52 | 000,000,568 | RHS- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\ntuser.pol
[2009/06/21 02:48:15 | 007,118,848 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/06/15 15:51:18 | 000,036,864 | ---- | C] () -- D:\Documents and Settings\HESS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 18:00:24 | 000,000,086 | ---- | C] () -- D:\Documents and Settings\HESS\DelB18.bat

========== ZeroAccess Check ==========

[2009/06/09 17:49:41 | 000,000,227 | RHS- | M] () -- D:\WINDOWS.0\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 23:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = D:\WINDOWS.0\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS.0\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/18 13:59:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/19 17:17:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Adtrustmedia
[2010/02/06 06:25:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Alwil Software
[2013/12/19 04:16:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVAST Software
[2013/12/21 05:02:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVG 1213b Campaign
[2013/12/19 04:31:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\AVG2014
[2013/12/22 04:11:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\CheckPoint
[2013/12/19 04:24:12 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Common Files
[2014/01/16 06:14:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Conduit
[2010/09/01 04:11:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\F-Secure
[2013/12/29 03:36:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\InstallMate
[2010/06/16 05:37:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\iolo
[2011/10/22 15:37:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\LightScribe
[2009/07/09 03:32:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Maxtor
[2014/01/21 03:06:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\MFAData
[2013/09/21 11:16:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Motorola
[2014/01/20 04:47:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\SearchModule
[2009/11/24 06:06:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\TrueCrypt
[2009/09/24 05:57:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\WinZip
[2009/12/21 06:57:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\ZA_PreservedFiles
[2009/06/21 06:24:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/09 04:50:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 05:43:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/21 06:29:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/06 05:27:30 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users.WINDOWS.0\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2013/12/18 13:22:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\AVAST Software
[2013/12/19 04:32:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\AVG2014
[2009/12/21 07:06:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\CheckPoint
[2010/02/16 06:02:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/06 12:51:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\com.hughesnet.HughesNetStatusMeter.01AEF16E74A158B173D9EB6C77C7CD8D859A7566.1
[2013/12/29 05:06:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Dropbox
[2011/10/06 13:57:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\FileZilla
[2010/06/16 05:37:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\iolo
[2009/06/16 09:29:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Leadertech
[2013/09/21 11:12:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Motorola
[2013/09/21 11:15:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Motorola Mobility
[2010/01/06 07:08:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\OpenOffice.org
[2013/12/25 04:00:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Sierra Wireless
[2009/07/01 03:09:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Smart Panel
[2009/08/09 14:50:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\Smith Micro
[2010/06/05 05:25:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\SystemRequirementsLab
[2013/12/19 04:31:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\TuneUp Software
[2014/01/20 05:05:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\uTorrent
[2013/12/29 03:50:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\HESS\Application Data\WinPatrol

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/21/2014 6:22:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\HESS\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.99% Memory free
5.85 Gb Paging File | 5.23 Gb Available in Paging File | 89.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092D:\pagef [Binary data over 200 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS.0 | %ProgramFiles% = D:\Program Files
Drive C: | 74.50 Gb Total Space | 6.79 Gb Free Space | 9.11% Space Free | Partition Type: NTFS
Drive D: | 55.89 Gb Total Space | 20.31 Gb Free Space | 36.33% Space Free | Partition Type: NTFS

Computer Name: HESS-A23995F71B | User Name: HESS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe" = D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"D:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"D:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enUS-downloader.exe" = D:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"D:\WINDOWS.0\system32\ZoneLabs\vsmon.exe" = D:\WINDOWS.0\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\RpcSandraSrv.exe" = D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"D:\Program Files\AVG\AVG2014\avgnsx.exe" = D:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG2014\avgdiagex.exe" = D:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG2014\avgmfapx.exe" = D:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG2014\avgemcx.exe" = D:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
"D:\Documents and Settings\HESS\Application Data\Dropbox\bin\Dropbox.exe" = D:\Documents and Settings\HESS\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Documents and Settings\HESS\Desktop\utorrent.exe" = D:\Documents and Settings\HESS\Desktop\utorrent.exe:*:Enabled:µTorrent
"D:\Documents and Settings\HESS\Application Data\uTorrent\uTorrent.exe" = D:\Documents and Settings\HESS\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}" = SlimCleaner
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}" = GeekBuddy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954146E0-49FF-4039-AF58-2257506C7D45}" = ZoneAlarm Firewall
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A55747C1-4651-433D-B082-478874FF7516}" = Motorola Mobile Drivers Installation 6.3.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE704636-ECD0-426C-952E-05B8DABD1949}" = EPSON PhotoStarter3.2
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B769E2BD-8A06-4B03-9496-5B991025A2C6}" = ZoneAlarm Security
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Home XII.SP2c
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9890FBA-A82A-47EB-93EA-C0A1A77D1033}" = Nero 8 Essentials
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DB240D1E-B742-420B-BD4C-C6BC720FB84B}" = AVG 2014
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F33552CB-4B12-4B27-8211-384F623E79EA}" = Diskeeper Home Edition
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVG" = AVG 2014
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.1
"FileZilla Server" = FileZilla Server (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"JDSecure" = JD Secure 3.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.7
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.93
"ShaPlus Bandwidth Meter" = ShaPlus Bandwidth Meter 1.4
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1 beta4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Dropbox" = Dropbox
"FoxTab PDF Converter" = FoxTab PDF Converter
"MusicManager" = Music Manager
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2013 5:30:50 AM | Computer Name = HESS-A23995F71B | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 12/28/2013 5:30:51 AM | Computer Name = HESS-A23995F71B | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/29/2013 5:30:23 AM | Computer Name = HESS-A23995F71B | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 12/29/2013 5:30:24 AM | Computer Name = HESS-A23995F71B | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 1/4/2014 3:58:40 AM | Computer Name = HESS-A23995F71B | Source = CltMngSvc | ID = 1000
Description =

Error - 1/4/2014 4:06:30 AM | Computer Name = HESS-A23995F71B | Source = CltMngSvc | ID = 1000
Description =

Error - 1/17/2014 3:11:01 PM | Computer Name = HESS-A23995F71B | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 31.0.1650.63, faulting module
unknown, version 0.0.0.0, fault address 0xf53fc226.

Error - 1/18/2014 3:48:40 AM | Computer Name = HESS-A23995F71B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/20/2014 1:58:23 PM | Computer Name = HESS-A23995F71B | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see D:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/20/2014 2:00:38 PM | Computer Name = HESS-A23995F71B | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see D:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 1/20/2014 1:43:32 PM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Search Protect by Conduit Service service depends on the Terminal
Services service which failed to start because of the following error:   %%1058

Error - 1/20/2014 1:43:47 PM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Search Protect by Conduit Service service depends on the Terminal
Services service which failed to start because of the following error:   %%1058

Error - 1/20/2014 2:23:23 PM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error:   %%1058

Error - 1/20/2014 2:23:23 PM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Search Protect by Conduit Service service depends on the Terminal
Services service which failed to start because of the following error:   %%1058

Error - 1/20/2014 2:23:23 PM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error:   %%1058

Error - 1/20/2014 2:23:34 PM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cmderd cmdGuard cmdHlp Imapi Inspect

Error - 1/21/2014 3:50:23 AM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error:   %%1058

Error - 1/21/2014 3:50:23 AM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Search Protect by Conduit Service service depends on the Terminal
Services service which failed to start because of the following error:   %%1058

Error - 1/21/2014 3:50:23 AM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error:   %%1058

Error - 1/21/2014 3:50:33 AM | Computer Name = HESS-A23995F71B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cmderd cmdGuard cmdHlp Imapi Inspect

< End of report >

Thanks once again for all your assistance, that's a lot of material!!!

wjh

Edited by wjh1170, 21 January 2014 - 05:42 AM.

wjh1170 (Bill)

#7 Jo*

SuperMember

Malware Team
1,208 posts

Posted 21 January 2014 - 12:04 PM

Hi wjh1170,

P2P - I see you have P2P software µTorrent installed on your machine.

Avoid P2P
Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
Here you will find more information.

Please note:

If you think you're using a "safe" P2P program, only the program is safe, not the data.
You will share files from unsafe sources, and these may be infected.
Some bad guys use P2P filesharing as an important chanel to spread their wares.

I would advice you, uninstall it now.
You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

***

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

***

Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.

Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***

wjh1170 likes this

Graduate of the WTT Classroom
Cheers,
Jo

#8 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 21 January 2014 - 06:24 PM

Thank you Jo, My 15 yr. old evidently downloaded the P2P program, I have deleted it as per your instructions and threatened him with removal of his Cell phone if he downloads any other programs in the future. (That threat always works, LOL).

I apologize for the delay in my response, I have been out all day and just arrived home. It is 7:12 PM my time, and after I follow all of your instructions it will be about 8 hours until I awaken and log back on the computer. I apologize in advance for any inconvenince this may cause you. You have been very helpful and I truly appreciate your efforts.

aswMBR.exe Scan Results

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-21 19:15:34
-----------------------------
19:15:34.984    OS Version: Windows 5.1.2600 Service Pack 3
19:15:34.984    Number of processors: 2 586 0x209
19:15:34.984    ComputerName: HESS-A23995F71B UserName: HESS
19:15:44.546    Initialize success
19:16:21.375    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:16:21.375    Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
19:16:21.375    Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
19:16:21.390    Disk 1 Vendor: WDC_WD600BB-00CAA1 17.07W17 Size: 57241MB BusType: 3
19:16:21.562    Disk 0 MBR read successfully
19:16:21.562    Disk 0 MBR scan
19:16:21.562    Disk 0 Windows XP default MBR code
19:16:21.562    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76285 MB offset 63
19:16:21.578    Disk 0 scanning sectors +156232125
19:16:21.656    Disk 0 scanning D:\WINDOWS.0\system32\drivers
19:16:31.703    Service scanning
19:16:55.781    Service WudfPf D:\WINDOWS.0\D:\WINDOWS.0\system32\WudfPf.sys **LOCKED** 123
19:16:55.781    Service WudfRd D:\WINDOWS.0\D:\WINDOWS.0\system32\wudfrd.sys **LOCKED** 123
19:16:56.500    Modules scanning
19:17:18.703    Disk 0 trace - called modules:
19:17:18.703    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
19:17:18.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a977ab8]
19:17:18.703    3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a978510]
19:17:18.703    5 ACPI.sys[f750e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a924d98]
19:17:18.703    Scan finished successfully
19:17:54.890    Disk 0 MBR has been saved successfully to "D:\Documents and Settings\HESS\Desktop\MBR.dat"
19:17:54.906    The log file has been saved successfully to "D:\Documents and Settings\HESS\Desktop\aswMBR.txt"

I did as you requested and did not fix anything. The MBR.dat. compressed file is also attached.

MBR.zip 499bytes 196 downloads

Edited by wjh1170, 21 January 2014 - 06:28 PM.

wjh1170 (Bill)

#9 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 21 January 2014 - 06:34 PM

Sorry, posted the reply before I sent you the last request you made, the AdwCleaner[R0].txt log.

# AdwCleaner v3.017 - Report created 21/01/2014 at 19:29:09
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HESS - HESS-A23995F71B
# Running from : C:\Documents and Settings\HESS\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\searchplugins\zonealarm.xml
File Found : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\user.js
File Found : D:\WINDOWS.0\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found D:\Documents and Settings\All Users.WINDOWS.0\Application Data\Conduit
Folder Found D:\Documents and Settings\HESS\Local Settings\Application Data\genienext
Folder Found D:\Program Files\Conduit
Folder Found D:\Program Files\Level Quality Watcher
Folder Found D:\WINDOWS.0\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2428615
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

[ File : D:\Documents and Settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\prefs.js ]

Line Found : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388999550854,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN36769864511048520&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100486");
Line Found : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Line Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Found : user_pref("extensions.BabylonToolbar.id", "60a515d6000000000000000c6e617452");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15369");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.lastDP", 30);
Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1712:53:57");
Line Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.propectorlck", 66511213);
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1712:53:57");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "60a515d6000000000000000c6e617452");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "60a515d6000000000000000c6e617452");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1712:53:57");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510.35510.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A183015%2C%22ver%22%3A2%2[...]
Line Found : user_pref("extensions.crossrider.bic", "143a9c0a4d61e42f3d9fdfdc6b29e465");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.machineId", "IZXOCY7ECGZIGRAG2QKWSSY/9K+DTDGHNDN5BTO9YLSVZCUXT4HBNVVA5R8/6+6U4F1BDU5N7L+JSXR6FHKLCW");

[ File : D:\Documents and Settings\Administrator.HESS-A23995F71B.000\Application Data\Mozilla\Firefox\Profiles\z53beqry.default\prefs.js ]

-\\ Google Chrome v

[ File : D:\Documents and Settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8933 octets] - [21/01/2014 19:29:09]

########## EOF - D:\AdwCleaner\AdwCleaner[R0].txt - [8993 octets] ##########

I haven't a clue what I need to keep.....this is well above my understanding at this time. Just let me know how to proceed and I will do exactly as you request........I have a few problems, but listening and following instructions are not two of them. :-)

Thanks again, this truly is impressive to me, a lot of work!!!!

wjh1170 (Bill)

#10 Jo*

SuperMember

Malware Team
1,208 posts

Posted 22 January 2014 - 05:28 AM

Hi wjh1170,

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Enable your antivirus!

***

Graduate of the WTT Classroom
Cheers,
Jo

Advertisements

Register to Remove

#11 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 22 January 2014 - 05:45 AM

I disabled AVG.....yet I get a warning that Microsoft Security Essentials is still Running from ComboFix. I can't find that program running in services, uninstall, or anywhere else I have looked. Any suggestions?

wjh1170 (Bill)

#12 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 22 January 2014 - 06:11 AM

Jo:

I continued to search for Microsoft Security Essentials but had no luck. I cancelled the Combofix scan because it says that Antivirus programs are known to interfere with it. I apologize but I have to leave now for Physical Therapy. I will be back later today and check to see if you can shed some light on where I can find this program.....It is not listed as installed, does not show up on any uninstall lists, and through search. I do recall running the program a while back but uninstalled it. Is it possible Combofix is picking up some undeleted files??

Thanks;

Bill

wjh1170 (Bill)

#13 Jo*

SuperMember

Malware Team
1,208 posts

Posted 22 January 2014 - 07:43 AM

Hi wjh1170,

try the microsoft-security-essentials-removal-tool

Graduate of the WTT Classroom
Cheers,
Jo

#14 wjh1170

New Member

Authentic Member
18 posts

Interests:Sports

Posted 22 January 2014 - 08:01 PM

Jo;

I ran the tool as instructed and it seemed to have removed Microsoft Security Essentials..........but I noticed on the top of the log that it had been running in two places, one was disabled, the other enabled. I hope this did not foul the results. It seemed to delete an awful lot of files, were they all malware?

Thanks once again for all your help....be back in about 6 hours.

Bill

ComboFix 14-01-22.01 - HESS 01/22/2014 20:15:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1237 [GMT -5:00]
Running from: d:\documents and settings\HESS\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome.manifest
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\asyncDB.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\background.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\browserAction.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\contextMenu.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\dbManager.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\dom_bg.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\fileManager.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\firefox.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\firefoxNotifications.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\firefoxOmnibox.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\message.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\pageAction.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\request.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\tabs.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\webRequest.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\api\windowsMessagingHandler.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\background.html
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\baseObject.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\browser.xul
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\addressBarChangeObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\console.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\consts.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\delegate.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\extensionDataStore.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\folderIOWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\httpObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\IDBWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\installer.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\logFile.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\prefs.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\progressListenerObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\registry.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\reloadObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\reports.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\requestObject.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\searchSettings.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\uninstallObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\updateManager.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\utils.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\core\xhr.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\dialog.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\main.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\options.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\options.xul
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\platformVersion.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\chrome\content\search_dialog.xul
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\defaults\preferences\prefs.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\manifest.xml
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins.json
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\1_base.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\13_CrossriderAppUtils.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\14_CrossriderUtils.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\16_FFAppAPIWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\17_jQuery.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\177_crossriderDashboard.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\182_openUrl.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\183_tabsWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\21_debug.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\22_resources.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\28_initializer.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\4_jquery_1_7_1.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\47_resources_background.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\64_appApiMessage.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\72_appApiValidation.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\78_CrossriderInfo.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\91_monetizationLoader.js.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\98_omniCommands.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\userCode\background.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\userCode\extension.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\install.rdf
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\locale\en-US\translations.dtd
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button1.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button2.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button3.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button4.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\button5.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\crossrider_statusbar.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon128.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon16.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon24.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\icon48.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\panelarrow-up.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\popup.html
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\skin.css
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\skin\update.css
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome.manifest
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\asyncDB.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\background.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\browserAction.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\contextMenu.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\dbManager.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\dom_bg.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\fileManager.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\firefox.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\firefoxNotifications.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\firefoxOmnibox.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\message.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\pageAction.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\request.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\tabs.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\api\webRequest.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\background.html
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\baseObject.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\browser.xul
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\console.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\consts.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\delegate.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\extensionDataStore.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\folderIOWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\httpObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\IDBWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\installer.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\logFile.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\prefs.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\progressListenerObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\registry.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\reloadObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\reports.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\requestObject.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\searchSettings.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\uninstallObserver.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\updateManager.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\utils.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\core\xhr.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\dialog.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\main.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\options.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\options.xul
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\chrome\content\search_dialog.xul
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\defaults\preferences\prefs.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\manifest.xml
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins.json
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\1_base.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\102_dealply_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\104_jollywallet_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\105_corticas_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\108_icm_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\117_coupons_intext_ads_5_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\119_similar_web_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\120_luck_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\123_intext_adv_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\125_arcadi2_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\126_revizer_ws_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\127_revizer_p_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\128_superfish_pricora_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\13_CrossriderAppUtils.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\135_arcadi3_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\138_getdeal_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\14_CrossriderUtils.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\141_corticas_ru_m.js.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\142_intext_fa_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\155_ibario_pops_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\159_cortica_rollover_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\16_FFAppAPIWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\17_jQuery.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\171_arcadi2_sourceID_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\175_coolmirage_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\177_crossriderDashboard.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\179_revizer_p_dynamic_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\182_openUrl.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\183_tabsWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\184_noproblemppc_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\189_active_sanity.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\190_pops_5_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\191_ciuvo_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\194_retargeting_bi_m.js.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\195_icm_convertmedia_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\197_kreapixel_pops_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\200_foxydeal_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\204_pricedetect_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\207_dbWrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\21_debug.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\22_resources.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\28_initializer.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\4_jquery_1_7_1.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\47_resources_background.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\64_appApiMessage.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\7_hooks.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\72_appApiValidation.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\78_CrossriderInfo.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\87_ginyas_wrapper.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\9_search_engine_hook.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\91_monetizationLoader.js.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\93_superfish_no_coupons_m.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\98_omniCommands.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\userCode\background.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\userCode\extension.js
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\install.rdf
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\locale\en-US\translations.dtd
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button1.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button2.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button3.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button4.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\button5.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\crossrider_statusbar.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon128.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon16.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon24.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\icon48.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\panelarrow-up.png
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\popup.html
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\skin.css
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\skin\update.css
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\background.html
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\crossriderManifest.json
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\manifest.xml
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins.json
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\1_base.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\102_dealply_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\104_jollywallet_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\105_corticas_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\108_icm_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\119_similar_web_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\120_luck_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\123_intext_adv_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\125_arcadi2_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\126_revizer_ws_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\127_revizer_p_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\128_superfish_pricora_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\13_CrossriderAppUtils.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\135_arcadi3_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\138_getdeal_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\14_CrossriderUtils.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\141_corticas_ru_m.js.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\142_intext_fa_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\155_ibario_pops_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\159_cortica_rollover_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\17_jQuery.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\171_arcadi2_sourceID_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\175_coolmirage_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\177_crossriderDashboard.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\179_revizer_p_dynamic_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\182_openUrl.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\183_tabsWrapper.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\184_noproblemppc_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\189_active_sanity.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\19_CHAppAPIWrapper.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\190_pops_5_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\191_ciuvo_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\194_retargeting_bi_m.js.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\195_icm_convertmedia_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\197_kreapixel_pops_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\199_superfish_no_coupons_plushd_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\200_foxydeal_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\204_pricedetect_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\21_debug.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\22_resources.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\28_initializer.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\4_jquery_1_7_1.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\47_resources_background.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\64_appApiMessage.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\7_hooks.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\72_appApiValidation.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\78_CrossriderInfo.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\80_CHPopupAppAPI.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\87_ginyas_wrapper.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\9_search_engine_hook.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\91_monetizationLoader.js.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\93_superfish_no_coupons_m.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\plugins\97_resourceApiWrapper.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\userCode\background.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\extensionData\userCode\extension.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\icons\actions\1.png
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\icons\icon128.png
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\icons\icon16.png
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\icons\icon48.png
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\api\chrome.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\api\cookie.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\api\message.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\api\pageAction.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\api\pageActionBG.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\background.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\app_api.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\bg_app_api.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\consts.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\cookie_store.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\crossriderAPI.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\delegate.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\events.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\extensionDataStore.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\installer.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\logFile.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\logging.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\onBGDocumentLoad.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\popupResource\newPopup.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\popupResource\popup.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\reports.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\storageWrapper.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\updateManager.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\util.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\lib\xhr.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\js\main.js
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\manifest.json
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan\1.25.128_0\popup.html
d:\documents and settings\HESS\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
d:\documents and settings\W.J. Hess\WINDOWS
d:\program files\WinPCap
d:\program files\WinPCap\daemon_mgm.exe
d:\program files\WinPCap\INSTALL.LOG
d:\program files\WinPCap\NetMonInstaller.exe
d:\program files\WinPCap\npf_mgm.exe
d:\program files\WinPCap\rpcapd.exe
d:\program files\WinPCap\Uninstall.exe
d:\windows.0\SwSys1.bmp
d:\windows.0\SwSys2.bmp
d:\windows.0\system32\drivers\etc\hosts.ics
d:\windows.0\system32\drivers\etc\lmhosts
d:\windows.0\system32\drivers\npf.sys
d:\windows.0\system32\Packet.dll
d:\windows.0\system32\pthreadVC.dll
d:\windows.0\system32\WanPacket.dll
d:\windows.0\system32\wpcap.dll
d:\windows.0\wininit.ini
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js . . . . Failed to delete
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js . . . . Failed to delete
d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\199_superfish_no_coupons_plushd_m.js . . . . Failed to delete
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-23 to 2014-01-23 )))))))))))))))))))))))))))))))
.
.
2014-01-23 00:23 . 2014-01-23 00:33   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\Object Browser
2014-01-23 00:20 . 2014-01-23 00:33   2968   ----a-w-   D:\FixitRegBackup.reg
2014-01-22 12:03 . 2014-01-22 12:05   --------   d-----w-   d:\program files\Object Browser
2014-01-22 00:27 . 2014-01-22 00:30   --------   d-----w-   D:\AdwCleaner
2014-01-21 10:48 . 2014-01-21 10:50   51416   ----a-w-   d:\windows.0\system32\drivers\mbamchameleon.sys
2014-01-21 09:10 . 2014-01-21 09:10   --------   d-----w-   D:\SUPERDelete
2014-01-20 18:38 . 2014-01-20 18:38   --------   d-----w-   d:\program files\ShaPlus Bandwidth Meter
2014-01-19 09:04 . 2014-01-20 09:47   --------   d-----w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\SearchModule
2014-01-19 09:02 . 2014-01-20 11:35   --------   d-----w-   d:\program files\Common Files\Goobzo
2014-01-19 09:02 . 2014-01-19 09:02   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\Installer
2014-01-19 09:02 . 2014-01-19 09:02   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\CrashRpt
2014-01-18 07:42 . 2013-03-20 14:49   11264   ----a-w-   d:\windows.0\system32\drivers\motusbdevice.sys
2014-01-18 07:42 . 2009-07-14 17:27   1461992   ----a-w-   d:\windows.0\system32\wdfcoinstaller01009.dll
2014-01-18 07:42 . 2013-03-20 14:51   6272   ----a-w-   d:\windows.0\system32\drivers\motfilt.sys
2014-01-18 07:42 . 2013-03-19 22:25   23936   ----a-w-   d:\windows.0\system32\drivers\Motousbnet.sys
2014-01-18 07:42 . 2013-03-19 22:25   21376   ----a-w-   d:\windows.0\system32\drivers\motccgp.sys
2014-01-18 07:42 . 2012-06-08 21:08   6656   ----a-w-   d:\windows.0\system32\drivers\motswch.sys
2014-01-17 04:05 . 2014-01-17 04:05   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\libimobiledevice
2014-01-16 08:35 . 2014-01-16 08:37   --------   d-----w-   d:\program files\SlimCleaner
2014-01-16 06:20 . 2013-12-19 02:10   94632   ----a-w-   d:\windows.0\system32\WindowsAccessBridge.dll
2014-01-08 11:27 . 2014-01-08 11:27   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\Sun
2014-01-07 10:17 . 2014-01-07 10:17   --------   d-----w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\McAfee
2014-01-07 10:03 . 2014-01-07 10:03   --------   d-----w-   d:\program files\Microsoft Bootvis
2014-01-07 09:55 . 2014-01-07 09:58   --------   d-----w-   D:\Fonts Backup
2014-01-06 09:59 . 2014-01-06 09:59   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\Programs
2014-01-04 08:01 . 2014-01-04 08:01   --------   d-----w-   d:\program files\YourWare Solutions
2014-01-04 08:00 . 2014-01-04 08:00   --------   d-----w-   d:\documents and settings\HESS\.android
2014-01-04 08:00 . 2014-01-04 08:03   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\cache
2014-01-04 08:00 . 2014-01-04 08:00   --------   d-----w-   d:\documents and settings\HESS\Local Settings\Application Data\genienext
2014-01-04 07:58 . 2014-01-16 11:14   --------   d-----w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\Conduit
2013-12-29 08:50 . 2013-12-29 08:50   --------   d-----w-   d:\documents and settings\HESS\Application Data\WinPatrol
2013-12-29 08:36 . 2013-12-29 08:36   --------   d-----w-   d:\program files\BillP Studios
2013-12-29 08:36 . 2013-12-29 08:36   --------   d-----w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\InstallMate
2013-12-25 09:11 . 2000-01-01 00:00   53248   ----a-w-   d:\windows.0\system32\CSVer.dll
2013-12-25 09:09 . 2013-12-25 09:09   --------   d-----w-   D:\Intel
2013-12-25 09:08 . 2013-12-25 09:08   --------   d-----w-   D:\adaptec
2013-12-25 09:00 . 2013-12-25 09:00   --------   d-----w-   d:\documents and settings\HESS\Application Data\Sierra Wireless
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 07:32 . 2013-12-18 18:02   692616   ----a-w-   d:\windows.0\system32\FlashPlayerApp.exe
2014-01-18 07:32 . 2011-07-26 20:42   71048   ----a-w-   d:\windows.0\system32\FlashPlayerCPLApp.cpl
2013-12-25 08:41 . 2013-12-22 09:37   13464   ----a-w-   d:\windows.0\system32\drivers\SWDUMon.sys
2013-12-22 09:11 . 2013-12-22 09:11   1700352   ----a-w-   d:\windows.0\system32\gdiplus.dll
2013-12-20 14:05 . 2013-12-20 14:05   40392   ----a-w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA764D14-97EB-4263-9D8C-D77C6AF0C225}\MpKsl3857c20a.sys
2013-12-19 01:46 . 2009-06-09 22:48   145408   ----a-w-   d:\windows.0\system32\javacpl.cpl
2013-12-18 18:00 . 2010-02-06 11:26   270240   ----a-w-   d:\windows.0\system32\aswBoot.exe
2013-12-16 06:54 . 2013-12-20 16:20   7760024   ----a-w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CED51127-9566-4810-9220-2B6EF75F00CC}\mpengine.dll
2013-12-16 06:54 . 2013-12-20 16:13   7760024   ----a-w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2013-12-16 06:54 . 2013-12-20 09:11   7760024   ----a-w-   d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA764D14-97EB-4263-9D8C-D77C6AF0C225}\mpengine.dll
2013-11-27 20:21 . 2008-04-14 05:27   40960   ----a-w-   d:\windows.0\system32\drivers\ndproxy.sys
2013-11-19 08:33 . 2010-01-01 11:06   230048   ------w-   d:\windows.0\system32\MpSigStub.exe
2013-11-13 02:59 . 2008-04-14 10:41   150528   ----a-w-   d:\windows.0\system32\imagehlp.dll
2013-11-07 05:38 . 2008-04-14 10:42   591360   ----a-w-   d:\windows.0\system32\rpcrt4.dll
2013-11-06 02:50 . 2013-11-06 02:50   120600   ----a-w-   d:\windows.0\system32\drivers\avgdiskx.sys
2013-11-06 01:03 . 2009-06-16 09:47   7168   ----a-w-   d:\windows.0\system32\xpsp4res.dll
2013-11-05 02:57 . 2013-11-05 02:57   209176   ----a-w-   d:\windows.0\system32\drivers\avgidsdriverx.sys
2013-11-01 04:00 . 2013-11-01 04:00   176952   ----a-w-   d:\windows.0\system32\drivers\avgldx86.sys
2013-11-01 03:30 . 2013-11-01 03:30   222520   ----a-w-   d:\windows.0\system32\drivers\avglogx.sys
2013-10-30 02:26 . 2008-04-14 06:00   1879040   ----a-w-   d:\windows.0\system32\win32k.sys
2013-10-29 07:57 . 2008-04-14 10:42   920064   ----a-w-   d:\windows.0\system32\wininet.dll
2013-10-29 07:57 . 2008-04-14 10:42   1469440   ------w-   d:\windows.0\system32\inetcpl.cpl
2013-10-29 07:57 . 2008-04-14 10:41   43520   ----a-w-   d:\windows.0\system32\licmgr10.dll
2013-10-29 07:57 . 2008-04-14 10:41   18944   ----a-w-   d:\windows.0\system32\corpol.dll
2013-10-29 00:45 . 2008-04-14 05:07   385024   ----a-w-   d:\windows.0\system32\html.iec
2013-10-25 03:28 . 2013-10-25 03:28   147768   ----a-w-   d:\windows.0\system32\drivers\avgidshx.sys
2010-04-28 08:50 . 2010-04-28 08:50   1401344   ----a-w-   d:\program files\HijackThis.msi
2001-10-05 17:53 . 2002-12-23 11:45   21866   -c--a-w-   d:\program files\Common Files\tppupd2k.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-08 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . d:\windows.0\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-08-08 16:28   97064   ----a-w-   d:\program files\Nero\Nero8\InCD\NBHShx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="d:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="d:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AVG_UI"="d:\program files\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"ZoneAlarm"="d:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-15 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   d:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0d:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=d:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=d:\windows.0\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^Dropbox.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\Dropbox.lnk
backup=d:\windows.0\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^Dropbox.lnk.disabled]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\Dropbox.lnk.disabled
backup=d:\windows.0\pss\Dropbox.lnk.disabledStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk
backup=d:\windows.0\pss\HughesNetStatusMeter.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=d:\windows.0\pss\MyPC Backup.lnkStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^HESS^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=d:\documents and settings\HESS\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=d:\windows.0\pss\OpenOffice.org 3.1.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04   959904   ----a-w-   d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo RX620 Series]
2004-05-19 20:00   98304   ----a-w-   d:\windows.0\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2009-09-06 14:26   1230336   ----a-w-   d:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-01-06 09:57   116648   ----atw-   d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 03:13   208952   ----a-w-   d:\windows.0\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2008-08-08 16:27   1083176   ----a-w-   d:\program files\Nero\Nero8\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 20:06   1840424   ----a-w-   d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-08-22 19:13   2363392   ----a-w-   d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 03:12   3872080   ----a-w-   d:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 20:54   169312   ----a-w-   d:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 19:39   570664   ----a-w-   d:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-06-03 04:48   1753192   ----a-w-   d:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2008-08-08 16:28   2049320   ----a-w-   d:\program files\Nero\Nero8\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 18:33   17418928   ----a-r-   d:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16   254336   ----a-w-   d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayMin900]
2005-08-25 11:41   266240   ----a-r-   d:\windows.0\system32\drivers\Tray900.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2013-12-10 05:01   455744   ------w-   d:\program files\BillP Studios\WinPatrol\WinPatrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TTFixerService"=2 (0x2)
"Pctspk"=2 (0x2)
"Maxtor Sync Service"=3 (0x3)
"LBTServ"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"=d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DiskeeperSystray"="d:\program files\Executive Software\Diskeeper\DkIcon.exe"
"MSPY2002"=d:\windows.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"PhiBtn"=%SystemRoot%\System32\drivers\PhiBtn.exe
"PHIME2002A"=d:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=d:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"NvCplDaemon"=RUNDLL32.EXE d:\windows.0\system32\NvCpl.dll,NvStartup
"nwiz"=d:\program files\NVIDIA Corporation\nView\nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE d:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"AppleSyncNotifier"=d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" -atboottime
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"zBrowser Launcher"=d:\program files\Logitech\iTouch\iTouch.exe
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2c\\RpcAgentSrv.exe"=
"d:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"d:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"d:\\Documents and Settings\\HESS\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;d:\windows.0\system32\drivers\avgidshx.sys [10/24/2013 10:28 PM 147768]
R0 Avglogx;AVG Logging Driver;d:\windows.0\system32\drivers\avglogx.sys [10/31/2013 10:30 PM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows.0\system32\drivers\avgrkx86.sys [9/10/2013 12:43 AM 27448]
R1 Avgdiskx;AVG Disk Driver;d:\windows.0\system32\drivers\avgdiskx.sys [11/5/2013 9:50 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;d:\windows.0\system32\drivers\avgidsdriverx.sys [11/4/2013 9:57 PM 209176]
R1 AVGIDSShim;AVGIDSShim;d:\windows.0\system32\drivers\avgidsshimx.sys [9/17/2013 12:57 AM 22840]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows.0\system32\drivers\avgldx86.sys [10/31/2013 11:00 PM 176952]
R1 Avgtdix;AVG TDI Driver;d:\windows.0\system32\drivers\avgtdix.sys [8/1/2013 4:08 PM 193848]
R1 CFRMD;CFRMD;d:\windows.0\system32\drivers\CFRMD.sys [5/7/2013 2:00 AM 36112]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;d:\windows.0\system32\drivers\hmd.sys [10/7/2013 12:17 AM 14272]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67664]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 cpuz133;cpuz133;d:\windows.0\system32\drivers\cpuz133_x32.sys [6/5/2010 5:19 AM 20968]
R2 Motorola Device Manager;Motorola Device Manager Service;d:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [11/15/2013 9:24 AM 137528]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;d:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 5:38 AM 50704]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;d:\windows.0\system32\drivers\nvoclock.sys [3/9/2009 11:25 AM 38304]
S?2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG2014\avgidsagent.exe [11/11/2013 10:02 PM 3478544]
S1 cmderd;COMODO Internet Security Eradication Driver;d:\windows.0\system32\DRIVERS\cmderd.sys --> d:\windows.0\system32\DRIVERS\cmderd.sys [?]
S1 cmdGuard;COMODO Internet Security Driver;d:\windows.0\system32\DRIVERS\cmdguard.sys --> d:\windows.0\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;COMODO Internet Security Helper Driver;d:\windows.0\system32\DRIVERS\cmdhlp.sys --> d:\windows.0\system32\DRIVERS\cmdhlp.sys [?]
S1 MpKslc4fa901a;MpKslc4fa901a;\??\d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{770A43F5-431F-44BC-8FF1-80B9C62ADAB6}\MpKslc4fa901a.sys --> d:\documents and settings\All Users.WINDOWS.0\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{770A43F5-431F-44BC-8FF1-80B9C62ADAB6}\MpKslc4fa901a.sys [?]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [7/1/2010 2:23 PM 116608]
S3 als4k;Avance Audio Miniport Driver (WDM);d:\windows.0\system32\drivers\als4000.sys [10/22/2001 11:46 AM 28919]
S3 BTCFilterService;USB Networking Driver Filter Service;d:\windows.0\system32\drivers\motfilt.sys [1/18/2014 2:42 AM 6272]
S3 camvid40;Philips SPC 900NC PC Camera;d:\windows.0\system32\drivers\camdrv41.sys [6/16/2009 6:44 AM 1240576]
S3 cpudrv;cpudrv;d:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 9:58 AM 11336]
S3 motccgp;Motorola USB Composite Device Driver;d:\windows.0\system32\drivers\motccgp.sys [1/18/2014 2:42 AM 21376]
S3 motccgpfl;MotCcgpFlService;d:\windows.0\system32\DRIVERS\motccgpfl.sys --> d:\windows.0\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;d:\windows.0\system32\drivers\Motousbnet.sys [1/18/2014 2:42 AM 23936]
S3 motusbdevice;Motorola USB Dev Driver;d:\windows.0\system32\drivers\motusbdevice.sys [1/18/2014 2:42 AM 11264]
S3 NeroRegInCDSrv;Nero Registry InCD Service;d:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [8/8/2008 11:28 AM 53032]
S3 PLTurbh;Prolific turbo filter driver for hdd;d:\windows.0\system32\drivers\plturbh.sys --> d:\windows.0\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;d:\windows.0\system32\drivers\plturbo.sys --> d:\windows.0\system32\drivers\plturbo.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe [6/21/2009 2:48 AM 98488]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 SWDUMon;SWDUMon;d:\windows.0\system32\drivers\SWDUMon.sys [12/22/2013 4:37 AM 13464]
S4 TTFixerService;NST ToolTipFixer;"d:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe" --> d:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ     getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 19:11   451872   ----a-w-   d:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-23 d:\windows.0\Tasks\Adobe Flash Player Updater.job
- d:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-18 07:32]
.
2014-01-20 d:\windows.0\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2014-01-23 d:\windows.0\Tasks\AVG_SYS_TASK.job
- d:\documents and settings\All Users.WINDOWS.0\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [2013-12-21 18:06]
.
2014-01-23 d:\windows.0\Tasks\AVG_SYS_TASK_DELETE.job
- d:\documents and settings\All Users.WINDOWS.0\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [2013-12-21 18:06]
.
2014-01-23 d:\windows.0\Tasks\GoogleUpdateTaskMachineCore1cefc1ca1468c7b.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 10:14]
.
2014-01-23 d:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 10:14]
.
2014-01-22 d:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003Core.job
- d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-01-06 09:57]
.
2014-01-23 d:\windows.0\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-261903793-1644491937-1003UA.job
- d:\documents and settings\HESS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-01-06 09:57]
.
2014-01-19 d:\windows.0\Tasks\Motorola Device Manager Engine.job
- d:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31 15:05]
.
2014-01-18 d:\windows.0\Tasks\Motorola Device Manager Update.job
- d:\program files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31 15:05]
.
2014-01-23 d:\windows.0\Tasks\Object Browser-chromeinstaller.job
- d:\program files\Object Browser\Object Browser-chromeinstaller.exe [2014-01-22 12:03]
.
2014-01-23 d:\windows.0\Tasks\Object Browser-codedownloader.job
- d:\program files\Object Browser\Object Browser-codedownloader.exe [2014-01-22 12:04]
.
2014-01-23 d:\windows.0\Tasks\Object Browser-enabler.job
- d:\program files\Object Browser\Object Browser-enabler.exe [2014-01-22 12:05]
.
2014-01-23 d:\windows.0\Tasks\Object Browser-firefoxinstaller.job
- d:\program files\Object Browser\Object Browser-firefoxinstaller.exe [2014-01-22 12:04]
.
2014-01-23 d:\windows.0\Tasks\Object Browser-updater.job
- d:\program files\Object Browser\Object Browser-updater.exe [2014-01-22 12:05]
.
2014-01-23 d:\windows.0\Tasks\OGALogon.job
- d:\windows.0\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - d:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 184.63.160.68 184.63.160.69 192.168.1.1
DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
FF - ProfilePath - d:\documents and settings\HESS\Application Data\Mozilla\Firefox\Profiles\da8qvwrs.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www-search.net/search.aspx?s=E1Jzadk1,051ab71c-6c2e-44a1-8613-d8bc36d3a6f9,&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 60a515d6000000000000000c6e617452
FF - user.js: extensions.BabylonToolbar_i.hardId - 60a515d6000000000000000c6e617452
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.zonealarm.hpOld0 - hxxps://www.google.com/
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 60a515d6000000000000000c6e617452
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16062
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.04:37
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughGA
FF - user.js: extensions.zonealarm.instlRef - ZLN121131247661700-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughGA&Lan=en&gu=0c5fc5451cf94920a5e39ea319a7af67&tu=10G9y00Be2C01g0&sku=&tstsId=&ver=&
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
MSConfigStartUp-avast5 - d:\progra~1\ALWILS~1\Avast5\avastUI.exe
MSConfigStartUp-FreeRandomPasswordGenerator - d:\program files\FreeRandomPasswordGenerator\password.exe
MSConfigStartUp-MSSE - d:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-swg - d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TRUUpdater - d:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
MSConfigStartUp-WatcherHelper - d:\program files\Sierra Wireless Inc\Watcher\WaHelper.exe
AddRemove-WinPcapInst - d:\program files\WinPcap\Uninstall.exe
AddRemove-Adobe Acrobat Connect Add-in - d:\documents and settings\HESS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-FoxTab PDF Converter - d:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-22 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows.0\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3560)
d:\windows.0\system32\WININET.dll
d:\documents and settings\HESS\Application Data\Dropbox\bin\DropboxExt.22.dll
d:\program files\Nero\Nero8\InCD\NBHShx.dll
d:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
d:\program files\Nero\Nero8\InCD\NBHStr.dll
d:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
d:\windows.0\system32\ieframe.dll
d:\windows.0\system32\webcheck.dll
d:\windows.0\system32\WPDShServiceObj.dll
d:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
d:\windows.0\system32\PortableDeviceTypes.dll
d:\windows.0\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre7\bin\jqs.exe
d:\program files\Common Files\Motive\McciCMService.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows.0\system32\locator.exe
d:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
d:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2014-01-22 20:47:14 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-23 01:47
.
Pre-Run: 21,700,767,744 bytes free
Post-Run: 21,665,771,520 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
.
- - End Of File - - CA27183BC8D8881EA135E141464538BF
8F558EB6672622401DA993E1E865C861

wjh1170 (Bill)

#15 Jo*

SuperMember

Malware Team
1,208 posts

Posted 23 January 2014 - 05:35 AM

Hi wjh1170,

Combofix deleted some malware plus a lot of adware.

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.

JRT will begin to backup your registry and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, the log JRT.txt is saved on your desktop and will automatically open.

Enable your antivirus!
Post the contents of JRT.txt into your next reply.

***

Run OTL again.

Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
don't check the boxes beside LOP Check and Purity Check this time.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window OTL.Txt.
Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

Graduate of the WTT Classroom
Cheers,
Jo

Body Background

skin color theme